In association with heise online

06 June 2008, 11:13

Another vulnerability report from VMware


VMware has issued a security advisory describing additional errors in both its desktop and its server products. An error in the HGFS.sys driver of the VMware Tools Package can be exploited to allow an unprivileged guest user to escalate his privileges on a Windows guest system. A user logged into the Linux host system can execute arbitrary code on it by exploiting an error in vmware-authd. The announcement comes only days after VMware reported critical holes in its desktop products.

A hole in the Openwsman system management further allows access with root privileges. Here too, an attacker needs to know the valid login credentials of at least one restricted user. There are more buffer overflows in the VMware VIX API. The report also lists some older holes in open source packages such as unzip, tcltk, cyrus-sasl and Kerberos that are used on VMware server systems.

The original security advisory contains a list of the systems that are affected. VMware has provided updates for all the vulnerable products. If you updated your desktop product at the beginning of the week, you are already up to date. Only operators of the server software need to act.
