Virtualization Technology News and Information
Article
RSS
VMware ESX Code Execution and Denial of Service Vulnerabilities

The French Security Incident Response Team (FrSIRT) has alerted users to a high risk and exploitable problem titled VMware ESX Code Execution and Denial of Service Vulnerabilities.  It affects VMware ESX Server version 3.5.

Multiple vulnerabilities have been identified in VMware ESX Server, which could be exploited by attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system. These issues are caused by errors in pcre, net-snmp, and OpenPegasus. For additional information, see : FrSIRT/ADV-2007-3725 - FrSIRT/ADV-2007-3802 - FrSIRT/ADV-2008-0063

The solution:

Apply patches (ESX350-200803214-UG and ESX350-200803214-UG) :
http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip

 


 

Published Wednesday, April 16, 2008 6:05 AM by David Marshall
Comments
» VMware ESX Code Execution and Denial of Service Vulnerabilities - (Author's Link) - April 16, 2008 8:02 AM
Virtual Enthusiasm - (Author's Link) - April 16, 2008 8:59 AM

Found this via vmblog.com...The French Security Incident Response Team (FrSIRT) has alerted users to a high risk and exploitable problem titled VMware ESX Code Execution and Denial of Service Vulnerabilities.  It affects VMware ESX Server version

Clintre - (Author's Link) - April 16, 2008 9:19 AM

The patches are also already in the Update 1 releases for ESX 3.5 and VC 2.5 from VMware. So if you are applying that update you should be covered.

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<April 2008>
SuMoTuWeThFrSa
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910