Numerous vulnerabilities in VMware products
VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter. Most of the vulnerabilities are in Java, Tomcat and the kernel and have been known for some time. Some of them can be exploited to compromise a system, however, the advisory notes that flaws in the Service Console kernel and JRE can only be exploited when an attacker has access to the Service Console network.
Currently, updates have only been released for some of the affected products, such as ESX 4.0 and vCenter 4.0. According to VMware, security updates for the other products are pending completion .
- VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components, advisory from VMware.
- UPDATED VMSA-2009-0002.2 VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27, advisory from VMware.