In association with heise online

30 April 2012, 16:23

VMware patches vulnerabilities in ESX 4.1

Virtualisation specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualisation product.

According to the company, the Service Console in ESX 4.1 on unpatched systems can be exploited by a local user in a guest virtual machine to gain escalated privileges, or by a malicious remote user to cause a denial-of-service (DoS) condition or compromise a victim's system. In its advisory, VMware notes that some of these holes, found in previous versions of the libxml2 XML C parser and toolkit used by the ESX Console Operating System (COS), have been closed by updating libxml2 to a newer release.

Versions 4.0 and 4.1 of ESX are affected; vCenter, ESXi and ESX 3.5 as well as hosted products such as VMware Workstation, Player, ACE and Fusion are not vulnerable. Patches are available for ESX 4.1 that correct these problems, while patches for version 4.0 are listed as "pending".

Further information about the vulnerabilities can be found in the company's security advisory.
