The OVAL Repository 5.9 2012-01-27T05:11:27.297-05:00 VMWare ESX Server 4.0 VMWare ESX Server 4.1 VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic. Aslesha Nargolkar DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4.1 Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. Aslesha Nargolkar DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4.0 VMWare ESX Server 4.1 The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. Aslesha Nargolkar DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4.0 VMWare ESX Server 4.1 dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. Aslesha Nargolkar DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4.0 VMWare ESX Server 4.1 locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. Aslesha Nargolkar DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 1 The operating system installed on the system is VMware ESX Server 4.1. Jonathan Baker DRAFT INTERIM ACCEPTED ACCEPTED