VMware patches remote execution vulns

  • 0 Replies

Offline sjb007

  • Visiting Staff
  • Bronze Member
  • 48
  • Retired Staff
    • Thunderbyte
VMware patches remote execution vulns
« on: September 21, 2008, 01:40:52 AM »
VMware has fixed critical security bugs in two of its virtualization products that could allow a remote attacker to remotely install malware on a host machine.

The patches, which apply to ESXi and ESX 3.5, fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system, VMware warns here.

VMware went on to say the bug can only be exploited if the attacker has access to the service console network. That isn't something VMware advises, but it's a fair bet that some people do it anyway.

Full article here - http://www.theregister.co.uk/2008/09/19/vmware_critical_vuln_patched/
St John Ambulance Volunteer : The difference between a life lost and a life saved.
Patience is a virtue