Security update for VMware’s ESX Server
VMware has issued an update to its ESX server version 3.5.x to close security holes in Samba, VMkernel, Service Console, and hostd. The Samba hole has been public for three months and allows attackers to take control of the server.
The other holes have been known since last year – some even since 2006. Why VMware has taken so long to issue the update is a mystery. ESX versions 3.0.2, 3.0.1, 2.5.5 and 2.5.4 are also affected by the security hole in Samba. But there is still no patch avalable for these.
- VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix, VMware bug report