{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"VMware ESX Server 3.0.x","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX Server 2.x.","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":"","content":"## Description\n\nMultiple vulnerabilities have been discovered in the VMware\nESX Server product. They concern:\n\n-   improper handling of permissions on the SSL keys generated by\n    vmware-config (CVE-2006-3589);\n-   certain OpenSSL libraries (CVE-2006-2937, CVE-2006-2940,\n    CVE-2006-4339, CVE-2006-4343, CVE-2006-3738);\n-   OpenSSH (CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924,\n    CVE-2006-5051, CVE-2006-5794);\n-   a buffer overflow in the repr() function used by\n    certain Python applications (CVE-2006-4980);\n-   an issue affecting newly created virtual disk files (.vmdk or\n    .dsk), which contain blocks from recently deleted\n    disk files.\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2006-4339","url":"https://www.cve.org/CVERecord?id=CVE-2006-4339"},{"name":"CVE-2006-3589","url":"https://www.cve.org/CVERecord?id=CVE-2006-3589"},{"name":"CVE-2006-2940","url":"https://www.cve.org/CVERecord?id=CVE-2006-2940"},{"name":"CVE-2004-2069","url":"https://www.cve.org/CVERecord?id=CVE-2004-2069"},{"name":"CVE-2006-4924","url":"https://www.cve.org/CVERecord?id=CVE-2006-4924"},{"name":"CVE-2003-0386","url":"https://www.cve.org/CVERecord?id=CVE-2003-0386"},{"name":"CVE-2006-4343","url":"https://www.cve.org/CVERecord?id=CVE-2006-4343"},{"name":"CVE-2006-5794","url":"https://www.cve.org/CVERecord?id=CVE-2006-5794"},{"name":"CVE-2006-3738","url":"https://www.cve.org/CVERecord?id=CVE-2006-3738"},{"name":"CVE-2006-0225","url":"https://www.cve.org/CVERecord?id=CVE-2006-0225"},{"name":"CVE-2006-2937","url":"https://www.cve.org/CVERecord?id=CVE-2006-2937"},{"name":"CVE-2006-5051","url":"https://www.cve.org/CVERecord?id=CVE-2006-5051"},{"name":"CVE-2006-4980","url":"https://www.cve.org/CVERecord?id=CVE-2006-4980"}],"links":[{"title":"Patch for VMware ESX Server 2.5.3:","url":"http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"},{"title":"Patch for VMware ESX Server 2.0.2:","url":"http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"},{"title":"Patch for VMware ESX Server 3.0.0:","url":"http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"},{"title":"Patch for VMware ESX Server 2.1.3:","url":"http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"},{"title":"Patch for VMware ESX Server 2.5.4:","url":"http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"},{"title":"Patch for VMware ESX Server 3.0.1:","url":"http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"}],"reference":"CERTA-2007-AVI-026","revisions":[{"description":"initial version.","revision_date":"2007-01-11T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Remote arbitrary code execution"},{"description":"Data integrity compromise"},{"description":"Data confidentiality compromise"},{"description":"Privilege escalation"}],"summary":"Multiple vulnerabilities have been fixed in VMware\nESX Server 2.x and 3.0.x.\n","title":"Multiple vulnerabilities in VMware","vendor_advisories":[{"published_at":"2007-01-09","title":"VMware security bulletin VMSA-2007-0001","url":"None"}]}
