CVE-2011-1789

Summary

CVE	CVE-2011-1789
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-05-09 22:55:00 UTC
Updated	2011-05-26 04:00:00 UTC
Description	The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

Risk And Classification

Problem Types: CWE-310

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vmware	Esx	4.0	All	All	All
Application	Vmware	Esx	4.1	All	All	All
Application	Vmware	Esx	4.0	All	All	All
Application	Vmware	Esx	4.1	All	All	All
Application	Vmware	Esxi	4.0	All	All	All
Application	Vmware	Esxi	4.1	All	All	All
Application	Vmware	Esxi	4.0	All	All	All
Application	Vmware	Esxi	4.1	All	All	All
Application	Vmware	Vcenter	4.0	All	All	All
Application	Vmware	Vcenter	4.0	update_1	All	All
Application	Vmware	Vcenter	4.0	update_2	All	All
Application	Vmware	Vcenter	4.1	All	All	All
Application	Vmware	Vcenter	4.0	All	All	All
Application	Vmware	Vcenter	4.0	update_1	All	All
Application	Vmware	Vcenter	4.0	update_2	All	All
Application	Vmware	Vcenter	4.1	All	All	All

References

Reference	Source	Link	Tags
VMSA-2011-0008	CONFIRM	www.vmware.com	Patch, Vendor Advisory
SecurityTracker: VMware vCenter Discloses File to Remote Users and Let Local Users Gain Elevated Privileges	SECTRACK	securitytracker.com
[Security-announce] VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities	MLIST	lists.vmware.com	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.