Wednesday, October 28, 2009

Security Updates for VMware Products Available

VMware has released security updates to patch two vulnerabilities in their virtualization applications:

* Mishandled exception on page faults (CVE-2009-2267). An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system.
* Directory traversal vulnerability (CVE-2009-3733). A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.


Affected versions:
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
VMware ESXi 4.0 without patch ESXi400-200909401-BG,
VMware ESXi 3.5 without patches ESXe350-200910401-I-SG, ESXe350-200901401-I-SG,
VMware ESX 4.0 without patch ESX400-200909401-BG,
VMware ESX 3.5 without patches ESX350-200910401-SG, ESX350-200901401-SG,
VMware ESX 3.0.3 without patches ESX303-200910401-BG, ESX303-200812406-BG,
VMware ESX 2.5.5 without Upgrade Patch 15.


Further information, including updating instructions, can be found in VMware's security advisory.
