Wednesday, October 8, 2008

Vulnerabilities In WMware Software

There has been released new updates for VMware products that fix several vulnerabilities:
1) Privilege escalation on 64-bit Windows and 64-bit FreeBSD guest operating systems and possibly other 64-bit operating systems (Linux guest operating systems excluded)
2) Password displayed in cleartext under certain circumstances in VirtualCenter -software.
3) Java JRE update in VirtualCenter -software

Vulnerable versions:
-VirtualCenter 2.5 before Update 3 build 119838
-VMware Workstation 6.0.4 and earlier
-VMware Workstation 5.5.7 and earlier
-VMware Player 2.0.4 and earlier
-VMware Player 1.0.7 and earlier
-VMware ACE 2.0.4 and earlier
-VMware ACE 1.0.6 and earlier
-VMware Server 1.0.6 and earlier
-VMware ESXi 3.5 without patch ESXe350-200809401-I-SG
-ESX 3.5 without patch ESX350-200809404-SG
-ESX 3.0.3 without patch ESX303-200809401-SG
-ESX 3.0.2 without patch ESX-1006361
-ESX 3.0.1 without patch ESX-1006678


More information regarding found vulnerabilities and their fixes can be read from VMware Security Advisory.

No comments: