Topic: VMware svr and client multiple vulns - updates available  (Read 36922 times)
« Reply #60 on: June 03, 2011, 04:59:50 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8405



FYI...

VMSA-2011-0009 VMware multiple security issues...
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, CVE-2011-2217...
Problem Description: VMware vmkernel third party e1000 Driver Packet Filter Bypass
There is an issue in the e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters...

- http://secunia.com/advisories/44826/
- http://secunia.com/advisories/44837/
- http://secunia.com/advisories/44838/
- http://secunia.com/advisories/44839/
- http://secunia.com/advisories/44840/
Jun 3 2011

- http://www.securitytracker.com/id/1025601
- http://www.securitytracker.com/id/1025602
Jun 3 2011


This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #61 on: July 29, 2011, 04:34:23 »
AplusWebMaster Offline

FYI...

VMSA-2011-0010 - VMware ESX third party updates - Svc Console pkgs...
- http://www.vmware.com/security/advisories/VMSA-2011-0010.html
2011-07-28
CVE numbers: CVE-2010-0296, CVE-2011-0536, CVE-2011-0997, CVE-2011-1071, CVE-2011-1095
Summary: ESX Service Console OS (COS) updates to remediate vulnerabilities in glibc and dhcp... update for the console OS kernel package resolves four security issues...

- http://secunia.com/advisories/45467/
Release Date: 2011-07-29
Criticality level: Moderately critical
Impact: Privilege escalation, DoS, System access
Where: From local network ...
... The updates also include a fix for a regression introduced due to an earlier update not properly fixing CVE-2010-3847.
Solution: Apply patches if available...

« Reply #62 on: August 12, 2011, 02:38:14 »
AplusWebMaster Offline

FYI...

VMware vFabric tc Server vuln - updated
- http://www.securitytracker.com/id/1025923
Updated:  Aug 12 2011
CVE Reference: CVE-2011-0527
Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01
... Version 2.5.x is not affected.
Solution: The vendor has issued a fix (2.0.6.RELEASE, 2.1.2.RELEASE)...

- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vfabric_tc_server/2_1

- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vfabric_tc_server/2_0

« Reply #63 on: October 05, 2011, 04:58:49 »
AplusWebMaster Offline

FYI...

VMSA-2011-0011 VMware hosted products address remote code execution vuln
- http://www.vmware.com/security/advisories/VMSA-2011-0011.html
2011-10-04
CVE numbers: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3868
1. Summary: Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled
2. Relevant releases:
   VMware Workstation 7.1.4 and earlier
   VMware Player 3.1.4 and earlier
   VMware Fusion 3.1.2 and earlier ...

- https://secunia.com/advisories/46241/
Release Date: 2011-10-05
Criticality level: Moderately critical
Impact: System access
Where: From remote...
Solution: Update to version 7.1.5, 3.1.5, or 3.1.3...

- http://www.securitytracker.com/id/1026139
CVE Reference: CVE-2011-3868
Oct 5 2011
Impact: Execution of arbitrary code via network, User access via network...
Version(s): Workstation 7.1.4 and prior, Player 3.1.4 and prior, Fusion 3.1.2 and prior...

« Last Edit: October 09, 2011, 07:51:40 by AplusWebMaster »
« Reply #64 on: October 13, 2011, 07:54:29 »
AplusWebMaster Offline

FYI...

VMSA-2011-0012 - VMware ESXi and ESX updates...
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Issue date: 2011-10-12
CVE numbers:
COS Kernel --- CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010, CVE-2011-1090, CVE-2011-1478
COS krb5 --- CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
glibc library --- CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659
mpt2sas --- CVE-2011-1494, CVE-2011-1495 ...

- https://secunia.com/advisories/46397/
Release Date: 2011-10-13
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0012):
http://www.vmware.com/security/advisories/VMSA-2011-0012.html

« Reply #65 on: October 28, 2011, 03:59:36 »
AplusWebMaster Offline

FYI...

VMSA-2011-0012.1
VMware ESXi and ESX updates to third party libraries and ESX Service Console
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Updated on: 2011-10-27

VMSA-2011-0009.2
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Updated on: 2011-10-27

VMSA-2011-0010.2
VMware ESX third party updates for Service Console packages glibc and dhcp
- http://www.vmware.com/security/advisories/VMSA-2011-0010.html
Updated on: 2011-10-12
___

VMSA-2011-0013 - VMware third party component updates...
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- http://www.vmware.com/security/advisories/VMSA-2011-0013.html
2011-10-27
Summary: Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues...
CVE numbers:    --- openssl ---
CVE-2008-7270 CVE-2010-4180
     --- libuser ---
CVE-2011-0002
     --- nss, nspr ---
CVE-2010-3170 CVE-2010-3173
     --- Oracle (Sun) JRE 1.6.0 ---
CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476
     --- Oracle (Sun) JRE 1.5.0 ---
CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865
     --- SFCB ---
CVE-2010-2054 ...
(See "Download links" and "Release Notes")

- https://secunia.com/advisories/46650/
Release Date: 2011-10-28
Criticality level: Highly critical
Impact: System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

- https://secunia.com/advisories/46651/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

- https://secunia.com/advisories/46529/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

« Last Edit: November 01, 2011, 09:07:17 by AplusWebMaster »
« Reply #66 on: November 18, 2011, 02:31:16 »
AplusWebMaster Offline

FYI...

VMSA-2011-0014 VMware vCenter Update Manager
VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
- http://www.vmware.com/security/advisories/VMSA-2011-0014.html
2011-11-17
Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability Server, vSphere Update Manager, ESXi and ESX
CVE numbers: CVE-2011-4404
Summary: Configuration update for VMware vSphere Update Manager's third party Jetty Web server component addresses directory traversal vulnerability.
Relevant releases:
vCenter Update Manager 4.1 prior to Update 2
vCenter Update Manager 4.0 prior to Update 4 ...
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
Release Notes:
https://www.vmware.com/support/pubs/vum_pubs.html

- http://www.securitytracker.com/id/1026341
CVE Reference: CVE-2011-4404
Date: Nov 18 2011
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): VMware vCenter Update Manager 4.0 prior to Update 4, 4.1 prior to Update 2
___

VMSA-2011-0013.1...
- http://www.vmware.com/security/advisories/VMSA-2011-0013.html
Synopsis: VMware third party component updates for VMware vCenter
Updated on: 2011-11-17
Change log: 2011-11-17 VMSA-2011-0013.1 Update of security advisory after the release of Update 4 for vCenter Server 4.0, vSphere Update Manager 4.0, vSphere Hypervisor (ESXi) 4.0 and ESX 4.0 on 2011-11-17.

VMSA-2011-0012.1...
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Updated on: 2011-10-27
Change log: 2011-10-27 VMSA-2011-00012.1 Updated security advisory with the release of Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

« Last Edit: November 19, 2011, 03:23:27 by AplusWebMaster »
« Reply #67 on: December 17, 2011, 07:59:36 »
AplusWebMaster Offline

FYI...

VMSA-2011-0009.3 VMware...
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Updated on: 2011-12-15
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536 CVE-2010-1188 CVE-2009-3080 CVE-2010-2240 CVE-2011-2146 CVE-2011-1787 CVE-2011-2145 CVE-2011-2217
Summary: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues...

« Reply #68 on: January 31, 2012, 10:12:30 »
AplusWebMaster Offline

FYI...

VMSA-2012-0001
- http://www.vmware.com/security/advisories/VMSA-2012-0001.html
Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console
Issue date: 2012-01-30 ...
... -many- CVE's/updates - see the site.

VMware ESXi Server fixes/updates
- https://secunia.com/advisories/47758/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
... vulnerabilities are reported in versions 4.0 and 4.1...

VMware ESXi Server Python fixes/updates
- https://secunia.com/advisories/47608/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote...
... vulnerabilities are reported in the versions 3.5, 4.0, 4.1, and 5.0...
___

VMSA-2011-0004.3
- http://www.vmware.com/security/advisories/VMSA-2011-0004.html
Issue date: 2011-03-07
Updated on: 2012-01-30

« Last Edit: January 31, 2012, 14:38:57 by AplusWebMaster »
« Reply #69 on: March 09, 2012, 04:46:10 »
AplusWebMaster Offline

FYI...

VMSA-2012-0002 - VMware vCenter Chargeback Mgr vuln
- http://www.securitytracker.com/id/1026778
Date: Mar 9 2012
CVE Reference: CVE-2012-1472
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
Version(s): prior to 2.0.1
Vendor URL: http://www.vmware.com/security/advisories/VMSA-2012-0002.html
... VMware vCenter Chargeback Manager prior to version 2.0.1

VMSA-2012-0003 - VMware VirtualCenter Update and ESX 3.5 patch update JRE
- http://www.vmware.com/security/advisories/VMSA-2012-0003.html
Summary: VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE...
Issue date: 2012-03-08
___

VMware New and Updated Advisories
- https://isc.sans.edu/diary.html?storyid=12754
Last Updated: 2012-03-09 22:22:12 UTC

« Last Edit: March 15, 2012, 11:25:33 by AplusWebMaster »
« Reply #70 on: March 16, 2012, 05:17:54 »
AplusWebMaster Offline

FYI...

VMSA-2012-0004 - VMware View privilege escalation and cross-site scripting
- http://www.vmware.com/security/advisories/VMSA-2012-0004.html
2012-03-15
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Problem Description: The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops...

- http://www.securitytracker.com/id/1026814
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Version(s): View 4.6.0 and prior ...

VMSA-2012-0005...
- http://www.vmware.com/security/advisories/VMSA-2012-0005.html
Issue date: 2012-03-15
Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues...

- http://www.securitytracker.com/id/1026815
Date: Mar 16 2012
CVE Reference: CVE-2012-1514
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vShield Manager 4.0, 4.1 ...

- http://www.securitytracker.com/id/1026816
Date: Mar 16 2012
CVE Reference: CVE-2012-1513
Impact: Disclosure of authentication information
Version(s): vCO 4.0, 4.1, 4.2 ...

- http://www.securitytracker.com/id/1026817
Date: Mar 16 2012
CVE Reference: CVE-2012-1512
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vSphere 4.1, 5.0 ...

- http://www.securitytracker.com/id/1026818
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1510
Impact: Execution of arbitrary code via local system, User access via local system
Version(s): ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ...
___

VMware New and Updated Security Advisories
- https://isc.sans.edu/diary.html?storyid=12802
Last Updated: 2012-03-16 11:17:17 UTC

« Last Edit: March 16, 2012, 06:15:21 by AplusWebMaster »
« Reply #71 on: March 30, 2012, 01:26:23 »
AplusWebMaster Offline

FYI...

VMSA-2012-0006 - VMware ESXi and ESX
- http://www.vmware.com/security/advisories/VMSA-2012-0006.html
2012-03-29
CVE numbers: CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862
Summary: VMware ESXi and ESX address several security issues.
Relevant releases:
ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG
ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG
a. VMware ROM Overwrite Privilege Escalation...
b. ESX third party update for Service Console kernel...
c. ESX third party update for Service Console krb5 RPM...

VMware ESX Server vuln...
- https://secunia.com/advisories/48612/
Release Date: 2012-03-30
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
Operating System: VMware ESX Server 4.x
CVE Reference(s): CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862

- https://secunia.com/advisories/48669/
Release Date: 2012-03-30
Criticality level: Less critical
Impact:   Privilege escalation
Where: Local system ...
Operating System: VMware ESX Server 3.x, 4.x, VMware ESXi 3.x, 4.x
CVE Reference(s): CVE-2012-1515

- http://www.securitytracker.com/id/1026875
CVE Reference: CVE-2012-1515
Date: Mar 30 2012
Impact: Root access via local system, User access via local system
Version(s): ESX and ESXi 3.5, 4.0, 4.1...
Solution: The vendor has issued a fix...

« Last Edit: March 30, 2012, 10:10:44 by AplusWebMaster »
« Reply #72 on: April 13, 2012, 01:34:12 »
AplusWebMaster Offline

FYI...

VMSA-2012-0007 - VMware hosted products and ESXi/ESX patches...
- http://www.vmware.com/security/advisories/VMSA-2012-0007.html
2012-04-12
CVE numbers: CVE-2012-1518
1. Summary: VMware hosted products and ESXi/ESX patches address privilege escalation.
2. Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
3. Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation...

- http://www.securitytracker.com/id/1026922
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): Workstation 8.0.1 and prior; Player 4.0.1 and prior; Fusion 4.1.1 and prior
Solution: The vendor has issued a fix (Workstation 8.0.2, Player 4.0.2, Fusion 4.1.2).
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0007.html

- http://www.securitytracker.com/id/1026923
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): 3.5, 4.0, 4.1; ESXi 5.0
Impact: A local user on a Windows guest operating system can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix.
ESXi 5.0: ESXi500-201203102-SG
ESXi 4.1: ESXi410-201201402-BG
ESXi 4.0: ESXi400-201203402-BG
ESXi 3.5: ESXe350-201203402-T-BG
ESX 4.1: ESX410-201201401-SG
ESX 4.0: ESX400-201203401-SG
ESX 3.5: ESX350-201203402-BG
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0007.html

« Last Edit: April 16, 2012, 03:51:45 by AplusWebMaster »
« Reply #73 on: April 26, 2012, 03:42:16 »
AplusWebMaster Offline

FYI...

VMware Security Note
- http://blogs.vmware.com/security/2012/04/vmware-security-note.html
April 24, 2012 - "Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

> http://h-online.com/-1559794
26 April 2012

> http://www.theinquirer.net/inquirer/news/2170503/hardcore-charlie-disputes-downplaying-vmware-code
Apr 26 2012

> http://www.theregister.co.uk/2012/04/25/vmware_source_code_leak/
25 April 2012

« Last Edit: April 26, 2012, 06:39:13 by AplusWebMaster »
« Reply #74 on: April 27, 2012, 04:55:51 »
AplusWebMaster Offline

FYI...

VMSA-2012-0008 - VMware ESX updates to ESX Service Console
- http://www.vmware.com/security/advisories/VMSA-2012-0008.html
Synopsis: VMware ESX updates to ESX Service Console
Issue date: 2012-04-26
CVE numbers: CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3191, CVE-2011-4348, CVE-2012-0028, CVE-2011-3905, CVE-2011-3919
Relevant releases: ESX 4.1 without patches ESX410-201204401-SG,ESX410-201204402-SG...

- https://secunia.com/advisories/48959/
Release Date: 2012-04-27
Criticality level: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
... vulnerabilities are reported in versions 4.1 and 4.0.
Solution: Apply patches...
Original Advisory: VMSA-2012-0008:
http://www.vmware.com/security/advisories/VMSA-2012-0008.html
