In association with heise online

07 October 2008, 14:49

VMware patches holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMWare has announced updates for its Virtual Center, VMware Workstation, VMware Player, VMware ACE, VMware Server and VMware ESXi to resolve vulnerabilities. Only 64-bit versions of Windows and FreeBSD are affected, not Linux.

VMware manages to virtualise x86 code even on CPUs without Intel's VT or AMD's AMD-V hardware virtualisation extensions by running all Ring 0 code - the OS kernel and device drivers – through a software x86 emulator. It's in this emulator that the bug has been discovered - an error in the 64-bit CPU emulation makes the CM jump to the wrong address when it receives a JMP instruction.

According to the company, the bug hasn't been exploited to compromise a host, but it could result in privilege escalation.

The update also fixes a bug where user passwords are shown in the clear in Virtual Center, VMware ESX and ESXi and also brings the Java version up to date (to version 1.50_16). Details of the affected versions and the patch are available on VMware's site.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit