In association with heise online

07 April 2009, 11:30

VMware patches several vulnerabilities in its products


VMware has issued updates to fix several security-related issues in its Workstation, Player, ACE, Server, ESX and ESXi virtualisation products. One of the fixes resolves a vulnerability in a guest virtual device driver that could allow a guest operating system to crash the host. According to the report, a similar denial of service vulnerability was also found in the hcmon.sys driver in Windows.

A bug in vmware-authd.exe that could result in a denial of service condition on Windows hosts has been resolved.

A privilege escalation issue on Windows-based systems, caused by a vulnerability found in a Virtual Machine Communication Interface (VMCI) file, has been fixed. The current versions of ESX are not affected as they do not support VMCI.

Two vulnerabilities in the VMnc codec have been patched, preventing heap overflows that allowed an attacker to run arbitrary code on a host system. For an attack to be successful, a user must first open a specially crafted malicious VMnc file or visit a malicious web page.

An issue has been addressed that allowed a password to be read from the memory of a VI client after a user logged into a VirtualCenter Server.

A VMware ACE shared folders vulnerability has been fixed that allowed non-ACE Administrators to re-enable shared folders that were disabled.

Links to updates for each version are available in the original bug report from VMware.
