VMware ESX SLPD Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1025168
SecurityTracker URL: http://securitytracker.com/id/1025168
CVE Reference: CVE-2010-3609
Date: Mar 8 2011
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.0, 4.1
Description:
A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.
Nicolas Gregoire and US CERT reported this vulnerability.
[Editor's note: OpenSLP is also affected.]
Impact:
A remote user can consume excessive CPU resources.
Solution:
The vendor has issued a fix.
ESXi 4.1: ESXi410-201101201-SG
ESXi 4.0: ESXi400-201103401-SG
ESX 4.1: ESX410-201101201-SG
ESX 4.0: ESX400-201103401-SG
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
Vendor URL: www.vmware.com/security/advisories/VMSA-2011-0004.html
Cause:
State error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Tue, 08 Mar 2011 07:04:35 +0000
Subject: VMware ESX Server
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
CVE-2010-3609