13 July 2009, 10:53

Security Update for VMWare ESX 4.0.0

VMWare has released an update (direct download) for the Console-Package for VMWare ESX 4.0.0 which addresses weaknesses in udev, cURL and sudo. The errors in sudo and udev allowed a normal user to access root privilege.

The error in cURL allowed an attacker to look at files on the system or, potentially, write to them. This was caused by a automatic redirect feature which could redirect a http:// request from a server to a file:// local URL. The holes have been closed in the individual open source projects for several months.

See also:

VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl, the VMWare security announcement.
Security Update for cURL, a report from The H.
Vulnerabilities in Linux allow root privileges, a report from The H.

Security Update for VMWare ESX 4.0.0

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit