VMware Smart Assurance: What VMware Smart Assurance product versions are affected by the "buffer overflow vulnerability" issue described in ESA-2011-029? What fixes are available in which VMware Smart Assurance product versions?

Article ID: 323800


Products

VMware

Issue/Introduction

Symptoms:
What VMware Smart Assurance product versions are affected by the "buffer overflow vulnerability" issue described in ESA-2011-029?
What fixes are available in which VMware Smart Assurance product versions for the "buffer overflow vulnerability" found in multiple VMware Smart Assurance products and described in ESA-2011-029?


Vulnerability Summary:

The affected VMware Smart Assurance products contain a buffer overflow vulnerability which can be exploited to cause a denial of service or, possibly, arbitrary code execution.


Environment

VMware Smart Assurance - SMARTS

Cause

Vulnerability Details:

Multiple VMware Smart Assurance products contain a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially crafted message over TCP or UDP to cause a denial of service or, possibly, execute arbitrary code.

Resolution

The following table lists the versions of VMware Smart Assurance products affected by the problem described in ESA-2011-029 and the current remediation status. The "EMC Response" column lists the earliest version of each product that currently has a fix available for this issue. This table will be updated as fixes for particular product versions are released.

| VMware Impacted Products | Remediation Status | VMware Response (Solution ID/Version) |
|---|---|---|
| VMware Smart Assurance Application Connectivity Monitor (ACM) 2.3 and earlier | Under Investigation | |
| VMware Smart Assurance Adapter for Alcatel-Lucent 5620 SAM EMS (ASAM) 3.2.0.2 and earlier | Fixed | Upgrade to version 3.2.0.3 and later |
| VMware Smart Assurance Server Manager (EISM) 3.0 & earlier | Under Investigation | |
| VMware Smart Assurance IP Management Suite (IP) 8.1.1.1, 7.0.3.28, 7.0.4.2 and earlier | Fixed | Upgrade to versions 8.1.2, 7.0.4.3, 7.0.3.29 and later |
| VMware Smart Assurance IPv6 Management Suite (IPv6) 2.0.2 and earlier | Under Investigation | |
| VMware Smart Assurance MPLS Management Suite (MPLS) 4.0.0 and earlier | Fixed | Upgrade to version 4.0.1 and later |
| VMware Smart Assurance Multicast Management Suite (MCAST) 2.1 and earlier | Fixed | Upgrade to version 2.1.1 and later |
| VMware Smart Assurance Network Protocol Management Suite (NPM) 3.1 and earlier | Fixed | Upgrade to version 3.1.1 and later |
| VMware Smart Assurance Optical Transport Management Suite (OTM) 5.1 and earlier | Under Investigation | |
| VMware Smart Assurance Service Assurance Management Suite (SAM) 8.1.0.6 and earlier | Fixed | Upgrade to version 8.1.1 and later |
| VMware Smart Assurance SAM Adapter Suite 1.3 and earlier | Under Investigation | |
| VMware Smart Assurance Storage Insight for Availability Suite (SIA) 2.3.1 and earlier | Under Investigation | |
| VMware Smart Assurance VoIP Availability Management Suite (VoIP AM) 4.0.0.3 and earlier | Fixed | Upgrade to version 4.0.0.4 and later |
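
The IP Management Suite row lists a separate fixed version per release branch, so comparing an installed version against a single minimum would misreport 7.0.4.0 as fixed. The following added example (not vendor code) triages an inventory against the table above; the product keys, host names, and the branch-matching rule are assumptions made for illustration, and the inventory rows are constructed sample data.

```python
# Added example (not vendor code). Earliest fixed versions are copied from the
# table above; None means "Under Investigation" (no fixed version listed).
FIXED = {
    "ASAM": ["3.2.0.3"],
    "IP": ["8.1.2", "7.0.4.3", "7.0.3.29"],
    "MPLS": ["4.0.1"],
    "MCAST": ["2.1.1"],
    "NPM": ["3.1.1"],
    "SAM": ["8.1.1"],
    "VoIP AM": ["4.0.0.4"],
    "ACM": None, "EISM": None, "IPv6": None, "OTM": None,
    "SAM Adapter Suite": None, "SIA": None,
}

def parse(version):
    """'7.0.4.3' -> (7, 0, 4, 3); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))

def status(product, installed):
    """Classify one installed product version against the table."""
    if product not in FIXED:
        return "not-listed"
    if FIXED[product] is None:
        return "under-investigation"  # no fix listed: never report as safe
    inst = parse(installed)
    fixes = [parse(f) for f in FIXED[product]]
    # Assumption: a fixed version belongs to the release branch named by all
    # but its last component, e.g. 7.0.4.3 is the fix for the 7.0.4.x branch.
    for fix in fixes:
        if inst[:len(fix) - 1] == fix[:-1]:
            return "fixed" if inst >= fix else "affected"
    # Assumption: versions on no listed branch are judged against the newest fix.
    return "fixed" if inst >= max(fixes) else "affected"

def triage(inventory):
    """Return (host, product, version, status) for each inventory row."""
    return [(h, p, v, status(p, v)) for h, p, v in inventory]

INVENTORY = [  # constructed sample rows: (host, product key, installed version)
    ("nms01", "IP", "7.0.4.0"),   # newer than 7.0.3.29 but still affected
    ("nms02", "IP", "7.0.3.29"),
    ("nms03", "SAM", "8.1.0.6"),
    ("nms04", "ACM", "2.3"),
]

if __name__ == "__main__":
    for host, product, version, result in triage(INVENTORY):
        print(f"{host:6} {product:8} {version:10} {result}")
```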


Additional Information

VMware Corporation distributes VMware Security Advisories in order to bring important security information to the attention of users of the affected VMware products. VMware recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. VMware disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and non-infringement. In no event shall VMware or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if VMware or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.