The OVAL Repository
5.10.1
2013-08-03T07:16:40.684-04:00

Firmware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
VMWare ESX Server 4.0
VMWare ESX Server 4.1
VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.
Aslesha Nargolkar
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMware ESX Server 4.0 is installed
VMware ESX Server 4
The operating system installed on the system is VMware ESX Server 4.0.
Michael Wood
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
VMWare ESX Server 4.1
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
Aslesha Nargolkar
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
VMWare ESX Server 4.0
VMWare ESX Server 4.1
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Aslesha Nargolkar
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
VMWare ESX Server 4.0
VMWare ESX Server 4.1
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Aslesha Nargolkar
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp
VMWare ESX Server 4.0
VMWare ESX Server 4.1
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Aslesha Nargolkar
DRAFT, INTERIM, ACCEPTED, ACCEPTED

VMware ESX Server 4.1 is installed
VMware ESX Server 1
The operating system installed on the system is VMware ESX Server 4.1.
Jonathan Baker
DRAFT, INTERIM, ACCEPTED, ACCEPTED

ESX410-201104401-SG
ESX400-201104401-SG
4.0.0
4.1.0