CVE-2011-1789 - Vulnerability Details - OpenCVE

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Esx Esxi Vcenter

Configuration 1 [-]

OR	cpe:2.3:a:vmware:esx:4.0:::::::*
	cpe:2.3:a:vmware:esx:4.1:::::::*
	cpe:2.3:a:vmware:esxi:4.0:::::::*
	cpe:2.3:a:vmware:esxi:4.1:::::::*
	cpe:2.3:a:vmware:vcenter:4.0:::::::*
	cpe:2.3:a:vmware:vcenter:4.0:update_1::::::
	cpe:2.3:a:vmware:vcenter:4.0:update_2::::::
	cpe:2.3:a:vmware:vcenter:4.1:::::::*

No data.

References

Link	Providers
http://lists.vmware.com/pipermail/security-announce/2011/000137.html
http://securitytracker.com/id?1025502
http://www.vmware.com/security/advisories/VMSA-2011-0008.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-05-09T22:00:00Z

Updated: 2024-09-16T16:28:59.357Z

Reserved: 2011-04-19T00:00:00Z

Link: CVE-2011-1789

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-05-09T22:55:03.210

Modified: 2024-11-21T01:27:03.343

Link: CVE-2011-1789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-05-09T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "1025502", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025502"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "1025502", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025502"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.821Z"}, "title": "CVE Program Container", "references": [{"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"name": "1025502", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025502"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1789", "datePublished": "2011-05-09T22:00:00Z", "dateReserved": "2011-04-19T00:00:00Z", "dateUpdated": "2024-09-16T16:28:59.357Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "60B31894-78E7-41A6-857C-D7A0C1C52838", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "8087D4A0-D416-4746-8EE6-9833C20B7BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "613AC011-EED1-49C2-9A6B-4C3BF0EBE8EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "15C55340-9A59-4FD6-A6BD-1F68E8FE9692", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer."}, {"lang": "es", "value": "El instalador auto-extraible del cliente vSphere en VMware vCenter 4.0 anteriores a la Actualizaci\u00f3n 3 y v4.1 anteriores a la Actualizaci\u00f3n 1, VMware ESXi v4.x anteriores a v4.1 Actualizaci\u00f3n 1, y VMware ESX v4.x anteriores a v4.1 Actualizaci\u00f3n 1 no tiene una firma digital , lo que podr\u00eda facilitar a los atacantes remotos a falsificar la distribuci\u00f3n de software a trav\u00e9s de un instalador troyanizado."}], "id": "CVE-2011-1789", "lastModified": "2024-11-21T01:27:03.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-09T22:55:03.210", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025502"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}