In association with heise online

13 July 2009, 09:53

Security Update for VMWare ESX 4.0.0

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMWare has released an update (direct download) for the Console-Package for VMWare ESX 4.0.0 which addresses weaknesses in udev, cURL and sudo. The errors in sudo and udev allowed a normal user to access root privilege.

The error in cURL allowed an attacker to look at files on the system or, potentially, write to them. This was caused by a automatic redirect feature which could redirect a http:// request from a server to a file:// local URL. The holes have been closed in the individual open source projects for several months.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit