13 July 2009, 09:53
Security Update for VMWare ESX 4.0.0
VMWare has released an update (direct download) for the Console-Package for VMWare ESX 4.0.0 which addresses weaknesses in udev, cURL and sudo. The errors in sudo and udev allowed a normal user to access root privilege.
The error in cURL allowed an attacker to look at files on the system or, potentially, write to them. This was caused by a automatic redirect feature which could redirect a http:// request from a server to a file:// local URL. The holes have been closed in the individual open source projects for several months.
See also:
- VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl, the VMWare security announcement.
- Security Update for cURL, a report from The H.
- Vulnerabilities in Linux allow root privileges, a report from The H.
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-742449
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
