VMware has fixed critical security vulnerabilities in two of its virtualization products, ESXi and ESX 3.5. The patches fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system. However, to exploit the vulnerabilities the attacker has to have access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network.
More information can be read from the correspondent VMware security advisory.
Saturday, September 20, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment