VMware svr and client multiple vulns - updates available


163 replies to this topic

#1 AplusWebMaster

  • SWI Friend
  • 10,790 posts

Posted 24 February 2008 - 09:39 AM

FYI...

- http://secunia.com/advisories/29032/
Release Date: 2008-02-22
Critical: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...
Solution: Apply patches...
Original Advisory:
http://lists.vmware....008/000005.html ...

VMware client products on Windows...
> http://isc.sans.org/...ml?storyid=4018
Last Updated: 2008-02-24 12:19:22 UTC
"... VMware vulnerability*... full escape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations." It has been rated as critical by VMware and it affects all VMware client products on Windows, that is:
- VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier
- VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier
- VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier..."
* http://preview.tinyurl.com/2vybj7
Last Modified Date: 02-22-2008
(VMware KB)
Workaround:
Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders...

> http://nvd.nist.gov/...e=CVE-2007-1744
...Patch Information
http://www.vmware.co...s_ws55.html#554 ...

Edited by apluswebmaster, 26 February 2008 - 09:43 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

Posted 26 February 2008 - 09:37 PM

FYI...

- http://isc.sans.org/...ml?storyid=4018
Last Updated: 2008-02-26 02:29:41 UTC ...(Version: 3)
"UPDATE... Although the VMware alert mentions VMware Workstation 5.5.4 (or earlier), ACE 1.0.2 (or earlier) and Player 1.0.4 (or earlier), the latest versions available are VMware Workstation 5.5.5, ACE 1.0.4 and Player 1.0.5. We have confirmed with VMware that -all- versions of Workstation, ACE and Player are affected. They will release a fix ASAP."

> http://preview.tinyurl.com/2vybj7
Last Modified Date: 02-22-2008 (VMware KB) - "...Workaround:
Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders..."

#3 AplusWebMaster

Posted 17 March 2008 - 04:15 PM

FYI...

VMware Workstation 6.0.3 for Windows released
- http://www.vmware.com/download/ws/
Latest Version: 6.0.3 | 3/14/08 | Build: 80004

Workstation 6.0 Release Notes
- http://www.vmware.co...enotes_ws6.html
...Workstation 6.0.3 addresses the following security issues:
* On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360)...
(... other issues also addressed)

- http://www.vmware.co...ity/advisories/
March 17, 2008 VMSA-2008-0005

--------------------------------------------

- http://secunia.com/advisories/29412/
Release Date: 2008-03-17
Software: VMware Server 1.x
Impact: Security Bypass, Privilege escalation, DoS
Where: From remote
Solution Status: Vendor Patch
...The vulnerabilities are reported in versions prior to 1.0.5.
Solution: Update to version 1.0.5...

VMware server release notes
- http://www.vmware.co...r.html#resolved

Download:
- http://www.vmware.com/download/server/
Latest Version: 1.0.5 | 3/14/08 | Build: 80187

Edited by apluswebmaster, 20 March 2008 - 05:31 AM.

#4 AplusWebMaster

Posted 24 March 2008 - 01:43 PM

Per: http://www.us-cert.g...8-084.html#high
March 24, 2008

VMware Workstation, ACE, VMware Server, Player
- http://nvd.nist.gov/...e=CVE-2008-1340
- http://nvd.nist.gov/...e=CVE-2008-1361
- http://nvd.nist.gov/...e=CVE-2008-1362
- http://nvd.nist.gov/...e=CVE-2008-1363
- http://nvd.nist.gov/...e=CVE-2008-1364
- http://nvd.nist.gov/...e=CVE-2008-1392

#5 AplusWebMaster

Posted 31 March 2008 - 05:28 AM

FYI...

VMware ESX Server update
- http://secunia.com/advisories/29591/
Release Date: 2008-03-31
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x
Solution: Apply patches. ESX 2.5.5 Upgrade Patch 6
- http://vmware.com/su...0803-patch.html
Original Advisory:
- http://lists.vmware....008/000009.html

#6 AplusWebMaster

Posted 01 June 2008 - 01:16 PM

FYI...

VMSA-2008-0008
- http://www.vmware.co...-2008-0008.html
"Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues.
Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
Issue date: 2008-05-30
Updated on: 2008-05-30 (initial release of advisory)
CVE numbers:
- http://nvd.nist.gov/...e=CVE-2008-2098
- http://nvd.nist.gov/...e=CVE-2008-2099

- http://isc.sans.org/...ml?storyid=4501
Last Updated: 2008-06-01 13:56:42 UTC - "...The advisory affects the following products:
VMware Workstation 6.0.3 and earlier
VMware Player 2.0.3 and earlier
VMware ACE 2.0.3 and earlier
VMware Fusion 1.1.1 and earlier

Windows based VMCI arbitrary code execution vulnerability...

VMware Host Guest File System (HGFS) shared folders...

Edited by apluswebmaster, 02 June 2008 - 01:17 PM.

#7 AplusWebMaster

Posted 05 June 2008 - 07:12 AM

FYI...

VMware ESX Server Multiple Security Updates
- http://secunia.com/advisories/30535/
Release Date: 2008-06-05
Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x, VMware ESX Server 3.x
...fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system...
Solution: Apply patches...
Original Advisory:
http://www.vmware.co...-2008-0009.html
VMSA-2008-0009
"Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues..."

Also see: http://secunia.com/advisories/30556/

Edited by apluswebmaster, 06 June 2008 - 05:44 AM.

#8 AplusWebMaster

Posted 17 June 2008 - 05:44 AM

FYI...

VMSA-2008-0010
- http://www.vmware.co...-2008-0010.html
Synopsis: Updated Tomcat and Java JRE packages for VMware ESX 3.5
Issue date: 2008-06-16
Summary: Updated Tomcat and Java JRE packages for VMware ESX 3.5
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.co...chresources/726 for more information on VMware security best practices. The currently installed versions of Tomcat and JRE depend on your patch deployment history...

- http://www.vmware.co...ity/advisories/

- http://secunia.com/advisories/30676/
Release Date: 2008-06-17
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access...

#9 AplusWebMaster

Posted 13 August 2008 - 07:10 AM

FYI...

VMware updates for OpenSSL, net-snmp, and perl
- http://secunia.com/advisories/31467/
Release Date: 2008-08-13
Critical: Highly critical
Impact: Spoofing, DoS, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 3.x ...
Solution: Update to version 3.0.3 if possible or apply patches if available.
-- VMware ESX 3.0.1 and 3.0.2 --
Patches are not yet available. The vendor recommends upgrading to version 3.0.3.
-- VMware ESX 3.5 --
Patches for CVE-2007-3108 and CVE-2007-5135 are available via VMSA-2008-0001...
Patches for the other issues are still pending.
Original Advisory: VMware VMSA-2008-0013:
http://www.vmware.co...-2008-0013.html ...

VMware ESXi OpenSSL vulns
- http://secunia.com/advisories/31489/
Release Date: 2008-08-13
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
OS: VMware ESXi 3.x...
...The vulnerabilities are reported in version 3.5. Other versions may also be affected.
Solution: Use in a trusted network environment only.
Original Advisory: VMware VMSA-2008-0013:
http://www.vmware.co...-2008-0013.html ...

VMware VirtualCenter User Account Disclosure - update available
- http://secunia.com/advisories/31468/
Release Date: 2008-08-13
Critical: Not critical
Impact: Exposure of system information
Where: From local network
Solution Status: Vendor Patch
Software: VMware VirtualCenter 2.x ...
Original Advisory: VMware VMSA-2008-0012:
http://www.vmware.co...-2008-0012.html ...

VMSA-2008-0012:
- http://nvd.nist.gov/...e=CVE-2008-3514

VMSA-2008-0013:
- http://nvd.nist.gov/...e=CVE-2007-3108
- http://nvd.nist.gov/...e=CVE-2007-5135
- http://nvd.nist.gov/...e=CVE-2008-0960
- http://nvd.nist.gov/...e=CVE-2008-1927
- http://nvd.nist.gov/...e=CVE-2008-2292

//

Edited by apluswebmaster, 16 August 2008 - 12:21 PM.

#10 AplusWebMaster

Posted 29 August 2008 - 09:46 PM

FYI...

- http://isc.sans.org/...ml?storyid=4949
Last Updated: 2008-08-29 22:20:32 UTC - "...VMware released updates for ACE, Server, Player and Workstation products:

VMware ACE 2.0.5
- http://www.vmware.co....html#bugfix205
Release Date: August 28, 2008

VMware Player 2.0.5
- http://www.vmware.co....html#bugfix205
Release Date: August 28, 2008

VMware Server 1.0.7
- http://www.vmware.co....html#bugfix107
Release Date: August 28, 2008

VMware Workstation 6.0.5
- http://www.vmware.co....html#bugfix605
Release Date: August 28, 2008 ..."

#11 AplusWebMaster

Posted 02 September 2008 - 06:03 AM

FYI...

- http://isc.sans.org/...ml?storyid=4949
Last Updated: 2008-08-30 15:51:06 UTC ...(Version: 2)
"...Update: (2008-08-30-15:50 UTC) The VMware bulletin can be found at http://lists.vmware....008/000033.html ..."

http://secunia.com/advisories/31711/ - VMware Fusion Multiple Vulnerabilities
http://secunia.com/advisories/31710/ - VMware ACE Multiple Vulnerabilities
http://secunia.com/advisories/31709/ - VMware Player Multiple Vulnerabilities
http://secunia.com/advisories/31708/ - VMware Server Multiple Vulnerabilities
http://secunia.com/advisories/31707/ - VMware Workstation Multiple Vulnerabilities
Release Date: 2008-09-01

#12 AplusWebMaster

Posted 19 September 2008 - 05:33 AM

FYI...

VMWare ESX(i) 3.5 security patches
- http://isc.sans.org/...ml?storyid=5056
Last Updated: 2008-09-19 08:10:50 UTC - "VMWare released a new security patch and updated two old patches for ESX 3.5 and ESXi 3.5 today. The following patches are released and re-released:

VMSA-2008-0015: http://www.vmware.co...-2008-0015.html
Issue date: 2008-09-18
– fixing two remote buffer overflow vulnerabilities in openwsman which is installed and running by default.
VMSA-2008-0014: http://www.vmware.co...-2008-0014.html
Issue date: 2008-08-29 / Updated on: 2008-09-18
– added fixes for libpng and bind for ESX 3.5 servers
VMSA-2008-0013: http://www.vmware.co...-2008-0013.html
Issue date: 2008-08-12 / Updated on: 2008-09-18
– added fixes for net-snmp and perl for ESX 3.5 servers

- http://web.nvd.nist....d=CVE-2008-2234

- http://secunia.com/advisories/31942/

Edited by apluswebmaster, 19 September 2008 - 05:41 AM.

#13 AplusWebMaster

Posted 04 October 2008 - 11:47 AM

FYI...

VMware advisories and patches
- http://isc.sans.org/...ml?storyid=5123
Last Updated: 2008-10-04 14:09:17 UTC ...(Version: 3) - "VMware released the following new and updated security advisories on October 4th:
- VMSA-2008-0016 (new advisory)
http://www.vmware.co...-2008-0016.html
http://lists.vmware....008/000037.html
- VMSA-2008-0014.2 (updated advisory)
http://www.vmware.co...-2008-0014.html
http://lists.vmware....008/000038.html
These advisories list security issues that have been fixed in the following releases:
- VirtualCenter 2.5 Update 3 released on 10/3/08
- patches for ESXi and ESX 3.5 released on 10/3/08
- patches for ESX 3.0.1, 3.0.2, 3.0.3 released on 9/30/08
- new versions of VMware Workstation, Player, ACE, Server released on 7/28/08
The corresponding new blog entry is linked from http://www.vmware.co...ity/advisories/ ..."

Release Date: 2008-10-06
- http://secunia.com/advisories/32157/
- http://secunia.com/advisories/32179/
- http://secunia.com/advisories/32180/

- VMSA-2008-0016
http://web.nvd.nist....d=CVE-2008-3103
http://web.nvd.nist....d=CVE-2008-3104
http://web.nvd.nist....d=CVE-2008-3105
http://web.nvd.nist....d=CVE-2008-3106
http://web.nvd.nist....d=CVE-2008-3107
http://web.nvd.nist....d=CVE-2008-3108
http://web.nvd.nist....d=CVE-2008-3109
http://web.nvd.nist....d=CVE-2008-3110
http://web.nvd.nist....d=CVE-2008-3111
http://web.nvd.nist....d=CVE-2008-3112
http://web.nvd.nist....d=CVE-2008-3113
http://web.nvd.nist....d=CVE-2008-3114
http://web.nvd.nist....d=CVE-2008-3115
http://web.nvd.nist....d=CVE-2008-4278
http://web.nvd.nist....d=CVE-2008-4279

- VMSA-2008-0014.2
http://web.nvd.nist....d=CVE-2007-5269
http://web.nvd.nist....d=CVE-2007-5438
http://web.nvd.nist....d=CVE-2007-5503
http://web.nvd.nist....d=CVE-2008-1447
http://web.nvd.nist....d=CVE-2008-1806
http://web.nvd.nist....d=CVE-2008-1807
http://web.nvd.nist....d=CVE-2008-1808
http://web.nvd.nist....d=CVE-2008-2101
http://web.nvd.nist....d=CVE-2008-3691
http://web.nvd.nist....d=CVE-2008-3692
http://web.nvd.nist....d=CVE-2008-3693
http://web.nvd.nist....d=CVE-2008-3694
http://web.nvd.nist....d=CVE-2008-3695
http://web.nvd.nist....d=CVE-2008-3696
http://web.nvd.nist....d=CVE-2008-3697
http://web.nvd.nist....d=CVE-2008-3698

Edited by apluswebmaster, 06 October 2008 - 05:00 PM.

#14 AplusWebMaster

Posted 31 October 2008 - 05:49 AM

FYI...

VMSA-2008-0017
- http://lists.vmware....008/000039.html
Issue date: 2008-10-31

VMSA-2008-0014.3 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues
- http://lists.vmware....008/000040.html

VMSA-2008-0011.3 Updated ESX service console packages for Samba and vmnix
- http://lists.vmware....008/000041.html

- http://secunia.com/advisories/32488/
Release Date: 2008-10-31
Critical: Moderately critical

- http://www.vmware.co...-2008-0017.html
Synopsis: Updated ESX packages for libxml2, ucd-snmp, libtiff
Issue date: 2008-10-31 ...

Edited by apluswebmaster, 31 October 2008 - 05:14 PM.

#15 AplusWebMaster

Posted 07 November 2008 - 06:39 AM

FYI...

VMware - VMSA-2008-0018
- http://lists.vmware....008/000042.html
Nov 6, 2008
Advisory ID: VMSA-2008-0018
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve two security issues
Issue date: 2008-11-06
Updated on: 2008-11-06 (initial release of advisory)
CVE numbers: CVE-2008-4915 CVE-2008-4281
> Summary: VMware Hosted products and patches for ESX and ESXi resolve multiple security issues. A flaw in the CPU hardware emulation may allow for a privilege escalation on virtual machine guest operating systems. In addition a directory traversal issue is resolved.
> Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware ACE 2.0.5 and earlier,
VMware ACE 1.0.7 and earlier,
VMware Server 1.0.7 and earlier.
VMware ESXi 3.5 without patch ESXe350-200810401-O-UG
VMware ESX 3.5 without patch ESX350-200810201-UG
VMware ESX 3.0.3 without patch ESX303-200810501-BG
VMware ESX 3.0.2 without patch ESX-1006680
VMware ESX 2.5.5 without upgrade patch 10 or later
VMware ESX 2.5.4 without upgrade patch 21

NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products.

Extended support (Security and Bug fixes) for ESX 3.0.2 ended on 2008-10-29 and Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available..."

VMSA-2008-0018
- http://www.vmware.co...-2008-0018.html
2008-11-06

Edited by apluswebmaster, 07 November 2008 - 06:00 PM.

#16 AplusWebMaster

Posted 07 November 2008 - 10:48 AM

FYI...

VMware - VMSA-2008-0016.1
- http://lists.vmware....008/000043.html
Advisory ID: VMSA-2008-0016.1
Synopsis: VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues.
Issue date: 2008-10-03
Updated on: 2008-11-06
CVE numbers: CVE-2008-4279 CVE-2008-4278 CVE-2008-3103 CVE-2008-3104 CVE-2008-3105 CVE-2008-3106 CVE-2008-3107 CVE-2008-3108 CVE-2008-3109 CVE-2008-3110 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 CVE-2008-3115
- ------------------------------------------------------------------------
Summary:
VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages.
- -----------------
Relevant releases:
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
VMware Server 1.0.6 and earlier,
VMware ESXi 3.5 without patch ESXe350-200809401-I-SG
VMware ESX 3.5 without patches ESX350-200809404-SG, ESX350-200810215-UG
VMware ESX 3.0.3 without patch ESX303-200809401-SG
VMware ESX 3.0.2 without patch ESX-1006361
VMware ESX 3.0.1 without patch ESX-1006678...

VMSA-2008-0016.1
- http://www.vmware.co...-2008-0016.html
Updated on: 2008-11-06

Edited by apluswebmaster, 07 November 2008 - 06:01 PM.

#17 AplusWebMaster

Posted 03 December 2008 - 07:26 AM

FYI...

VMSA-2008-0019
- http://lists.vmware....008/000046.html
Dec 2 21:08:59 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0019
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Issue date: 2008-12-02
Updated on: 2008-12-02 (initial release of advisory)
CVE numbers: CVE-2008-4917 CVE-2008-1372
Summary:
Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console...
Relevant releases:
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
VMware ESX 3.5 without patches ESX350-200811406-SG and ESX350-200811401-SG
VMware ESX 3.0.3 without patches ESX303-200811404-SG and ESX303-200811401-BG
VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982
NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available...
Problem Description: Critical Memory corruption vulnerability..."

VMSA-2008-0017.2
- http://lists.vmware....008/000047.html
Dec 2 21:13:08 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0017.2
Synopsis: Updated ESX packages for libxml2, ucd-snmp, libtiff
Issue date: 2008-10-31
Updated on: 2008-12-02
CVE numbers: CVE-2008-3281 CVE-2008-0960 CVE-2008-2327 CVE-2008-3529
Summary:
Updated ESX packages for libxml2, ucd-snmp, libtiff.
Relevant releases:
ESX 3.0.3 without patch ESX303-200810503-SG
ESX 3.0.2 without patch ESX-1006968
ESX 2.5.5 before Upgrade Patch 10
ESX 2.5.4 before Upgrade Patch 21...
Problem Description:
Updated ESX Service Console package libxml2..."

// http://secunia.com/advisories/32965/ - http://secunia.com/advisories/32952/

#18 AplusWebMaster

Posted 31 December 2008 - 02:30 PM

FYI...

VMSA-2008-0019.1
- http://lists.vmware....008/000048.html
Change log
2008-12-30 VMSA-2008-0019.1
Updated for the ESX 2.5.5 Update 11 patch for bzip2 released on 2008-12-30...

#19 AplusWebMaster

Posted 31 January 2009 - 08:58 AM

FYI...

VMware updates...
- http://isc.sans.org/...ml?storyid=5770
Last Updated: 2009-01-31 13:39:22 UTC - "VMware issued a number of fixes for VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2...
- CVE-2008-4914 (corrupt VMDK delta file crash)
- CVE-2008-4309 (snmp getbulk DoS)
- CVE-2008-4226
- CVE-2008-4225 (both libxml2).
Announcement: http://lists.vmware....009/000049.html "

- http://secunia.com/advisories/33746/

- http://secunia.com/advisories/33776/

VMSA-2009-0001
- http://www.vmware.co...-2009-0001.html

Edited by apluswebmaster, 03 February 2009 - 09:02 AM.

#20 AplusWebMaster

Posted 24 February 2009 - 11:14 AM

FYI...

VMSA-2009-0002 VirtualCenter Update...
- http://secunia.com/advisories/33999/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
...update for VMware VirtualCenter. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
VMSA-2009-0002:
http://lists.vmware....009/000050.html
Feb 23, 2009

- http://secunia.com/advisories/34013/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched...
...VMware has acknowledged some vulnerabilities in multiple VMware products, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
OS: VMware ESX Server 3.x
Software: VMware Server 2.x, VMware VirtualCenter 2.x...
Solution: Restrict Tomcat access to trusted users only until patches are available...
VMSA-2009-0002:
http://lists.vmware....009/000050.html

#21 AplusWebMaster

Posted 27 February 2009 - 10:39 AM

FYI...

VMware ESX Server update for ed
- http://secunia.com/advisories/34079/
Release Date: 2009-02-27
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x ...
Original Advisory:
http://www.vmware.co...-2009-0003.html ...

#22 AplusWebMaster

Posted 01 April 2009 - 09:24 AM

FYI...

VMware - VMSA-2009-0004
- http://secunia.com/advisories/34530/
Release Date: 2009-04-01
Critical: Moderately critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...
- http://secunia.com/advisories/34530/2/
Original Advisory: http://www.vmware.co...-2009-0004.html
Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates for openssl, bind, and vim ...
CVE numbers:
http://web.nvd.nist....d=CVE-2007-2953
http://web.nvd.nist....d=CVE-2008-2712
http://web.nvd.nist....d=CVE-2008-3432
http://web.nvd.nist....d=CVE-2008-4101
http://web.nvd.nist....d=CVE-2008-5077
http://web.nvd.nist....d=CVE-2009-0025

#23 AplusWebMaster

Posted 04 April 2009 - 05:03 AM

FYI...

VMware - VMSA-2009-0005
- http://lists.vmware....009/000054.html
Synopsis: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
Issue date: 2009-04-03 ...
a. Denial of service guest to host vulnerability in a virtual device ...
b. Windows-based host denial of service vulnerability in hcmon.sys ...
c. A VMCI privilege escalation on Windows-based hosts or Windows-based guests...
d. VNnc Codec Heap Overflow vulnerabilities ...
e. ACE shared folders vulnerability...
f. A remote denial of service vulnerability in authd for Windows based hosts...
g. VI Client Retains VirtualCenter Server Password in Memory ...
Solution: Please review the patch/release notes for your product and version...

VMSA-2009-0005
- http://www.vmware.co...-2009-0005.html

CVE numbers:
http://web.nvd.nist....d=CVE-2008-3761
http://web.nvd.nist....d=CVE-2008-4916
http://web.nvd.nist....d=CVE-2009-0177
http://web.nvd.nist....d=CVE-2009-0518
http://web.nvd.nist....d=CVE-2009-0908
http://web.nvd.nist....d=CVE-2009-0909
http://web.nvd.nist....d=CVE-2009-0910
http://web.nvd.nist....d=CVE-2009-1146
http://web.nvd.nist....d=CVE-2009-1147

Edited by apluswebmaster, 06 April 2009 - 03:06 PM.

#24 AplusWebMaster

Posted 11 April 2009 - 07:54 AM

FYI...

VMware VMSA-2009-0006
- http://www.vmware.co...-2009-0006.html
Advisory ID: VMSA-2009-0006
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
Issue date: 2009-04-10
1. Summary: Updated VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 2.0,
VMware Server 1.0.8 and earlier, VMware Fusion 2.0.3 and earlier, VMware ESXi 3.5 without patch ESXe350-200904201-O-SG, VMware ESX 3.5 without patch ESX350-200904201-SG, VMware ESX 3.0.3 without patch ESX303-200904403-SG, VMware ESX 3.0.2 without patch ESX-1008421...
3. Problem Description
Host code execution vulnerability from a guest operating system.
A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.
This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03...
- http://lists.vmware....009/000055.html

- http://www.vmware.co...ity/advisories/

- http://web.nvd.nist....d=CVE-2009-1244
Last revised: 04/13/2009


Edited by apluswebmaster, 13 April 2009 - 11:59 AM.



#25 AplusWebMaster


Posted 29 May 2009 - 05:21 AM

FYI...

VMware ESX update for libpng
- http://secunia.com/advisories/35258/2/
Release Date: 2009-05-29
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x
Solution: ESX 2.5.5: Apply Upgrade Patch 13...
Original Advisory: VMSA-2009-0007*...

- http://secunia.com/advisories/35269/2/
OS: VMware ESX Server 3.x, VMware ESXi 3.x
Software: VMWare ACE 2.x, VMware Fusion 2.x, VMWare Player 2.x, VMware Server 1.x, VMware Server 2.x, VMware Workstation 6.x...
Solution: Update to a fixed version. Please see vendor advisory for additional information regarding VMware Tools update requirements.
Original Advisory: VMSA-2009-0007*...

VMware VMSA-2009-0007
* http://www.vmware.co...-2009-0007.html



#26 AplusWebMaster


Posted 01 July 2009 - 05:56 AM

FYI...

VMware ESX Server update for krb5
- http://secunia.com/advisories/35667/2/
Release Date: 2009-07-01
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x
Solution: Apply patches.
ESX 3.5: Apply ESX350-200906407-SG.
http://download3.vmw...00906407-SG.zip
ESX 2.5.5, 3.0.2, 3.0.3, and 4.0:
Patches are not yet available. Restrict access to Kerberos services if present (not installed by default).
Original Advisory: VMSA-2009-0008:
http://lists.vmware....009/000059.html ...

- http://cve.mitre.org...e=CVE-2009-0846



#27 AplusWebMaster


Posted 11 July 2009 - 03:22 AM

FYI...

VMWare security advisories - VMSA-2009-0009 / VMSA-2009-0008
- http://isc.sans.org/...ml?storyid=6766
Last Updated: 2009-07-11 03:36:00 UTC - "... updates to the ESX Service Console:
> http://lists.vmware....009/000060.html
Jul 10 17:03:28 PDT 2009
VMSA-2009-0009, a new advisory concerning ESX Service Console updates for udev, sudo, and curl.
> http://lists.vmware....009/000061.html
Jul 10 17:37:00 PDT 2009
VMSA-2009-0008, an advisory from June 30th, has been updated. It is an ESX Service Console update for krb5..."

- http://www.vmware.co...-2009-0009.html

- http://www.vmware.co...-2009-0008.html


Edited by apluswebmaster, 11 July 2009 - 03:29 AM.



#28 AplusWebMaster


Posted 21 August 2009 - 06:50 AM

FYI...

VMware Hosted products update libpng and Apache HTTP Server
- http://secunia.com/advisories/36379/2/
Release Date: 2009-08-21
Critical: Moderately critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: VMWare ACE 2.x, VMWare Player 2.x, VMware Workstation 6.x
Original Advisory: VMSA-2009-0010:
http://lists.vmware....009/000062.html
CVE numbers: CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005

> http://www.vmware.co...#resolvedissues

> http://www.vmware.co...#resolvedissues

> http://www.vmware.co...#resolvedissues


Edited by apluswebmaster, 21 August 2009 - 07:29 AM.



#29 AplusWebMaster


Posted 07 September 2009 - 11:38 AM

FYI...

VMware VMSA-2009-0012
VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues
- http://lists.vmware....009/000065.html
2009-09-04 - "... Initial security advisory after release of Workstation Movie Decoder on 2009-09-04. The corresponding updated versions of Workstation, Player and ACE were released on 2009-08-20..."

> http://www.vmware.co...ity/advisories/

- http://secunia.com/advisories/34938/2/
Release Date: 2009-09-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Software: VMware Workstation Movie Decoder 6.x...
Solution: Update to version 6.5.3 build 185404...

http://cve.mitre.org...e=CVE-2009-0199
http://cve.mitre.org...e=CVE-2009-2628



#30 AplusWebMaster


Posted 03 October 2009 - 06:37 PM

FYI...

VMware vuln - update available
- http://secunia.com/advisories/36928/2/
Release Date: 2009-10-02
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: VMware Fusion 2.x ...
Solution: Update to version 2.0.6 build 196839.
Original Advisory: VMSA-2009-0013:
http://lists.vmware....009/000066.html

> http://www.vmware.co...-2009-0013.html



#31 AplusWebMaster


Posted 17 October 2009 - 12:42 PM

FYI...

VMware - VMSA-2009-0014
- http://www.vmware.co...-2009-0014.html
Synopsis: VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues.
Issue date: 2009-10-16
CVE numbers: CVE-2009-0692 CVE-2009-1893 CVE-2009-0692
CVE-2008-4210 CVE-2008-3275 CVE-2008-5356
CVE-2008-0598 CVE-2008-2136 CVE-2008-2812
CVE-2007-6063 CVE-2008-3525 CVE-2008-2086
CVE-2008-5347 CVE-2008-5348 CVE-2008-5349
CVE-2008-5350 CVE-2008-5351 CVE-2008-5352
CVE-2008-5353 CVE-2008-5354 CVE-2008-5357
CVE-2008-5358 CVE-2008-5359 CVE-2008-5360
CVE-2008-5339 CVE-2008-5342 CVE-2008-5344
CVE-2008-5345 CVE-2008-5346 CVE-2008-5340
CVE-2008-5341 CVE-2008-5343 CVE-2008-5355
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
CVE-2009-1105 CVE-2009-1106 CVE-2009-1107

VMSA-2009-0002.1 VirtualCenter Update 4 and ESX patch update
- http://lists.vmware....009/000068.html
2009-10-16


Edited by apluswebmaster, 17 October 2009 - 12:42 PM.



#32 AplusWebMaster


Posted 27 October 2009 - 05:14 PM

FYI...

VMSA-2009-0015 - VMware Security Advisory
- http://lists.vmware....009/000069.html
2009-10-27
CVE numbers: CVE-2009-2267, CVE-2009-3733...
Initial security advisory after release of Server 1.0.10, Server 2.0.2 and Upgrade Patch 15 for ESX 2.5.5 on 2009-10-27. The versions of Workstation, Player, ACE, Fusion, and patches for ESXi 4.0, ESXi 3.5, ESX 4.0, ESX 3.5, ESX 3.0.3 mentioned above have already been released..."

- http://www.vmware.co...-2009-0015.html


Edited by apluswebmaster, 28 October 2009 - 08:51 AM.



#33 AplusWebMaster


Posted 21 November 2009 - 11:45 AM

FYI...

VMware Security Advisory - VMSA-2009-0016
- http://www.vmware.co...-2009-0016.html
Nov 20, 2009 - "... Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds..."

- http://secunia.com/advisories/37470/2/

- http://secunia.com/advisories/37471/2/

- http://secunia.com/advisories/37460/2/


Edited by apluswebmaster, 24 November 2009 - 07:40 AM.



#34 AplusWebMaster


Posted 16 December 2009 - 01:13 PM

FYI...

VMSA-2009-0017 - Security Advisory
- http://www.vmware.co...-2009-0017.html
Synopsis: VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
Issue date: 2009-12-15
CVE numbers: CVE-2009-3731 ...
Summary:
VMware vCenter and ESX update releases address cross-site scripting issues in the Help functionality of WebAccess. A vCenter Lab Manager release addresses the same issues which are present in the online Help functionality of Lab Manager and Stage Manager..."



#35 AplusWebMaster


Posted 07 January 2010 - 12:36 PM

FYI...

VMSA-2010-0001 - ESX Service Console updates...
- http://secunia.com/advisories/38091/2/
Release Date: 2010-01-07
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 4.x
Software: VMware vMA 4.x...
Solution:
VMware ESX 4.0: Apply ESX400-200912403-SG.
VMware vMA (on RHEL5) 4.0: A patch is still pending.
Original Advisory: VMSA-2010-0001:
http://lists.vmware....010/000075.html ...

- http://www.vmware.co...-2010-0001.html

- http://secunia.com/advisories/38091/3/
CVE reference: CVE-2009-1563, CVE-2009-2404, CVE-2009-2408, CVE-2009-2409, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,
CVE-2009-3380, CVE-2009-3382
___

- http://www.us-cert.g...urity_advisory3
"... Additionally, VMware has updated two previously released advisories: VMSA-2009-0014.2 that addresses vulnerabilities in the DHCP, Service Console Kernel, and Java JRE packages for ESX, and VMSA-2009-0004.3 that addresses vulnerabilities in the OpenSSL, BIND, and Vim packages for ESX.
... review VMware Security Advisory... VMSA-2009-0014.2*, and VMSA-2009-0004.3** and apply any necessary updates to help mitigate the risks.
* http://lists.vmware....010/000076.html
** http://lists.vmware....010/000077.html


Edited by apluswebmaster, 09 January 2010 - 07:59 AM.



#36 AplusWebMaster


Posted 30 January 2010 - 04:18 PM

FYI...

New and updated VMWare advisories
- http://isc.sans.org/...ml?storyid=8122
Last Updated: 2010-01-30 11:04:17 UTC - "Today VMware has released the following new and updated security advisories:
New - VMSA-2010-0002:
- http://lists.vmware....010/000078.html
This is described as - VMware vCenter update release addresses multiple security issues in Java JRE. The JRE is updated to version 1.5.0_22 and this covers a *lot* of CVE's.
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718
CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724
CVE-2009-3728 CVE-2009-3729 CVE-2009-3864 CVE-2009-3865 CVE-2009-3866 CVE-2009-3867
CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874
CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3881
CVE-2009-3882 CVE-2009-3883 CVE-2009-3884 CVE-2009-3886 CVE-2009-3885

Updated - VMSA-2009-0016.2:
- http://lists.vmware....010/000079.html "

> http://www.vmware.com/security/advisories/VMSA-2010-0002.html

- http://secunia.com/advisories/38384/2/
Release Date: 2010-02-01
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Software: VMware VirtualCenter 2.x
Solution: VMware VirtualCenter 2.5: Update to version 2.5 update 6.
VMware VirtualCenter 2.0.2: A patch is pending.
Original Advisory: VMSA-2010-0002:
http://lists.vmware....010/000078.html

- http://secunia.com/advisories/38438/2/
Release Date: 2010-02-01
Critical: Highly critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
OS: VMware ESX Server 3.x, VMware ESX Server 4.x
Original Advisory: VMSA-2010-0002:
http://lists.vmware....010/000078.html


Edited by apluswebmaster, 01 February 2010 - 11:49 PM.



#37 AplusWebMaster


Posted 17 February 2010 - 06:51 AM

FYI...

VMSA-2010-0003 - VMware ESX Server update
- http://secunia.com/advisories/38562/
Release Date: 2010-02-17
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Operating System: VMware ESX Server 3.x
Original Advisory: VMSA-2010-0003:
http://lists.vmware....010/000080.html

- http://www.vmware.co...-2010-0003.html

Multiple Security Updates for ESX 3.x and ESXi 3.x
- http://isc.sans.org/...ml?storyid=8254
Last Updated: 2010-02-17 14:26:08 UTC


Edited by apluswebmaster, 20 February 2010 - 03:27 PM.



#38 AplusWebMaster


Posted 04 March 2010 - 07:22 AM

FYI...

VMSA-2010-0004 - VMware ESX Servers...

- http://www.vmware.co...-2010-0004.html

- http://secunia.com/advisories/38833/
Release Date: 2010-03-04
Criticality level: Moderately critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Operating System: VMware ESX Server 4.x
Solution: Apply ESX400-201002404-SG, ESX400-201002407-SG, and ESX400-201002406-SG:
Original Advisory: VMSA-2010-0004:
http://lists.vmware....010/000082.html

- http://secunia.com/advisories/38794/
Release Date: 2010-03-04
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: VMware vMA 4.x
Solution: Apply vMA 4.0 Patch 3.
Original Advisory: VMSA-2010-0004:
http://lists.vmware....010/000082.html

- http://secunia.com/advisories/38834/
Release Date: 2010-03-04
Criticality level: Less critical
Impact: Spoofing, Exposure of sensitive information, Privilege escalation, DoS
Where: From local network
Solution Status: Unpatched
Operating System: VMware ESX Server 4.x
Original Advisory: VMSA-2010-0004:
http://lists.vmware....010/000082.html
Mar 3, 2010 - "... table lists what action remediates the vulnerability..."

- http://secunia.com/advisories/38832/
Release Date: 2010-03-04
Criticality level: Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
Operating System: VMware ESX Server 2.x, VMware ESX Server 3.x
Solution: Restrict network access to trusted users only.
Original Advisory: VMSA-2010-0004:
http://lists.vmware....010/000082.html

- http://lists.vmware....10/subject.html


Edited by apluswebmaster, 06 March 2010 - 06:28 PM.



#39 AplusWebMaster


Posted 09 March 2010 - 02:32 PM

FYI...

VMware updates...
- http://lists.vmware....date.html#start
Mar 8, 2010
UPDATED VMSA-2010-0003.1 ESX Service Console update for net-snmp...
UPDATED VMSA-2010-0001.1 ESX Service Console and vMA updates for nss and nspr
UPDATED VMSA-2009-0016.4 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components



#40 AplusWebMaster


Posted 30 March 2010 - 05:59 AM

FYI...

VMSA-2010-0005 VMware
- http://www.vmware.co...-2010-0005.html

- http://lists.vmware....010/000086.html
Synopsis: VMware products address vulnerabilities in WebAccess
Updated on: 2010-03-29 (initial release of advisory)
CVE numbers: CVE-2009-2277, CVE-2010-1137, CVE-2010-0686, CVE-2010-1193

- http://isc.sans.org/...ml?storyid=8536
Last Updated: 2010-03-30 06:11:33 UTC
VMSA-2010-0005
http://lists.vmware....010/000086.html
Updated - VMSA-2009-0016.5
http://lists.vmware....010/000087.html
Update - VMSA-2010-0002.1
http://lists.vmware....010/000088.html

- http://lists.vmware....date.html#start

- http://secunia.com/advisories/39189/

- http://secunia.com/advisories/39197/

- http://secunia.com/advisories/39172/

- http://secunia.com/advisories/39171/


Edited by apluswebmaster, 01 April 2010 - 01:21 PM.



#41 AplusWebMaster


Posted 02 April 2010 - 11:09 AM

FYI...

VMSA-2010-0006 ESX Service Console updates for samba and acpid

- http://www.vmware.co...-2010-0006.html

- http://lists.vmware....010/000089.html
Apr 1 12:28:43 PDT 2010

Synopsis: ESX Service Console updates for samba and acpid
CVE numbers: CVE-2009-2906, CVE-2009-1888, CVE-2009-2813, CVE-2009-2948, CVE-2009-0798

- http://secunia.com/advisories/39147/
- http://secunia.com/advisories/39162/
- http://secunia.com/advisories/39218/


Edited by apluswebmaster, 05 April 2010 - 05:48 AM.



#42 AplusWebMaster


Posted 09 April 2010 - 08:14 AM

FYI...

VMSA-2010-0007.1
VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
- http://www.vmware.co...-2010-0007.html
Updated on: 2010-04-12

- http://lists.vmware....010/000090.html
Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues...
Issue date: 2010-04-09
CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042 CVE-2009-1564 CVE-2009-1565 CVE-2009-3732 CVE-2009-3707 CVE-2010-1138 CVE-2010-1139 CVE-2010-1141.
Change log: 2010-04-09 VMSA-2010-0007
Initial security advisory after release of Workstation 6.5.4 and Fusion 2.0.7 on 2010-04-08...

- http://www.us-cert.g..._advisory_vmsa4
April 9, 2010 - "... Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cause a denial-of-service condition..."

- http://secunia.com/advisories/39206/
- http://secunia.com/advisories/39203/
- http://secunia.com/advisories/39201/
- http://secunia.com/advisories/39198/
- http://secunia.com/advisories/39110/
- http://secunia.com/advisories/36712/


Edited by apluswebmaster, 13 April 2010 - 01:21 PM.



#43 AplusWebMaster


Posted 06 May 2010 - 04:38 PM

FYI...

VMSA-2010-0008 VMware...

- http://www.vmware.co...-2010-0008.html

- http://lists.vmware....010/000092.html
May 5, 2010 - "Advisory ID: VMSA-2010-0008
Synopsis: VMware View 3.1.3 addresses an important cross-site scripting vulnerability
Issue date: 2010-05-05
CVE numbers: CVE-2010-1143 ...

Release notes
- http://www.vmware.co...manager313.html
View Manager Version 3.1.3
05 May 2010
Build: 252693 (View Manager), 161885 (View Composer)

Resolved Issues...
- http://www.vmware.co...tml#fixedissues


Edited by apluswebmaster, 06 May 2010 - 09:45 PM.



#44 AplusWebMaster


Posted 28 May 2010 - 01:10 PM

FYI...

VMSA-2010-0009 ESXi utilities and ESX Service Console third party updates

- http://www.vmware.co...-2010-0009.html

- http://lists.vmware....010/000093.html
May 27, 2010 - Advisory ID: VMSA-2010-0009
Synopsis: ESXi utilities and ESX Service Console third party updates
Updated on: 2010-05-27 (initial release of advisory)
CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-3563 CVE-2009-4355 CVE-2009-2409 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-4212 CVE-2009-1384 CVE-2010-0097 CVE-2010-0290 CVE-2009-3736 CVE-2010-0001 CVE-2010-0426 CVE-2010-0427 CVE-2010-0382
------------------------------------------------------------------------
Summary: ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo...

VMSA-2010-0004.1 ESX Service Console and vMA third party updates
- http://lists.vmware....010/000094.html
May 27, 2010

VMSA-2010-0002.1 VMware vCenter update release addresses multiple security issues in Java JRE
- http://lists.vmware....010/000095.html
May 27, 2010

VMSA-2010-0002.2 VMware vCenter update release addresses multiple security issues in Java JRE
- http://lists.vmware....010/000096.html
May 27, 2010

(-All- Secunia advisories listed below related to VMSA-2010-0009)

VMware vMA sudo Privilege Escalation Security Issues
- http://secunia.com/advisories/39981/
VMware vMA gzip "unlzw()" Integer Underflow Vulnerability
- http://secunia.com/advisories/39980/
VMware vMA GCC libtool Search Path Privilege Escalation Security Issue
- http://secunia.com/advisories/39979/
VMware vMA OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
- http://secunia.com/advisories/39976/
VMware ESX GCC libtool Search Path Privilege Escalation Security Issue
- http://secunia.com/advisories/39974/
VMware ESX Multiple krb5 Vulnerabilities
- http://secunia.com/advisories/39973/
VMware ESXi ntp Mode 7 Request Denial of Service
- http://secunia.com/advisories/39972/
VMware ESXi update for ntp
- http://secunia.com/advisories/39971/
VMware vMA kernel Multiple Vulnerabilities
- http://secunia.com/advisories/39920/
VMware vMA Multiple krb5 Vulnerabilities
- http://secunia.com/advisories/39977/
VMware ESX gzip "unlzw()" Integer Underflow Vulnerability
- http://secunia.com/advisories/39975/
VMware vMA ISC BIND DNSSEC CNAME / DNAME and NXDOMAIN Cache Poisoning
- http://secunia.com/advisories/39978/


Edited by apluswebmaster, 29 May 2010 - 12:16 PM.



#45 AplusWebMaster


Posted 25 June 2010 - 05:07 AM

FYI...

VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

- http://www.vmware.co...-2010-0010.html

- http://lists.vmware....010/000098.html
Jun 24 22:37:26 PDT 2010 - "Advisory ID: VMSA-2010-0010
Synopsis: ESX 3.5 third party update for Service Console kernel
Issue date: 2010-06-24
Updated on: 2010-06-24 (initial release of advisory)
CVE numbers: CVE-2008-5029 CVE-2008-5300 CVE-2009-1337 CVE-2009-1385 CVE-2009-1895 CVE-2009-2848 CVE-2009-3002 CVE-2009-3547 CVE-2009-2698 CVE-2009-2692
- ------------------------------------------------------------------------
1. Summary: ESX 3.5 Console OS (COS) updates for COS package 'kernel'...
4. Solution: ... http://kb.vmware.com/kb/1022899 ...

- http://secunia.com/advisories/40368/
Release Date: 2010-06-25
Criticality level: Less critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS
Where: From local network
Solution: Apply patch.

UPDATED VMSA-2010-0009.1 ESXi ntp and ESX Service Console third party updates
- http://lists.vmware....010/000099.html
Issue date: 2010-05-27
Updated on: 2010-06-24

UPDATED VMSA-2010-0004.2 ESX Service Console and vMA third party updates
- http://lists.vmware....010/000100.html
Issue date: 2010-03-03
Updated on: 2010-06-24


Edited by apluswebmaster, 25 June 2010 - 12:13 PM.



#46 AplusWebMaster


Posted 13 July 2010 - 05:31 AM

FYI...

VMSA-2010-0011 - VMware Studio
- http://secunia.com/advisories/40507/
Release Date: 2010-07-13
Impact: Privilege escalation, System access
Where: From local network
Solution Status: Vendor Patch
CVE Reference(s): CVE-2010-2427, CVE-2010-2667
Original Advisory: VMSA-2010-0011:
http://www.wmware.co...-2010-0011.html
Summary: VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0...

- http://securitytrack...ul/1024187.html
July 13 2010


Edited by apluswebmaster, 13 July 2010 - 07:00 AM.



#47 AplusWebMaster


Posted 19 July 2010 - 09:20 PM

FYI...

VMSA-2010-0012 - VMware vCenter Update Manager fix for Jetty Web server...
- http://www.vmware.co...-2010-0012.html
"Summary: VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities..."

- http://web.nvd.nist....d=CVE-2009-1523
CVSS v2 Base Score: 7.1 (HIGH)
- http://web.nvd.nist....d=CVE-2009-1524
CVSS v2 Base Score: 4.3 (MEDIUM)

- http://secunia.com/advisories/40577/
Release Date: 2010-07-20
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Original Advisory: VMSA-2010-0012:
- http://www.vmware.co...-2010-0012.html
VMware KB#1023962:
- http://kb.vmware.com...ernalId=1023962


Edited by apluswebmaster, 20 July 2010 - 06:26 AM.



#48 AplusWebMaster


Posted 01 September 2010 - 12:32 PM

FYI...

- http://www.vmware.co...-2010-0013.html

VMSA-2010-0013 VMware ESX third party updates for Service Console
- http://lists.vmware....010/000103.html
Aug 31, 2010
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-08-31
CVE numbers: CVE-2005-4268 CVE-2010-0624 CVE-2010-2063 CVE-2010-1321 CVE-2010-1168 CVE-2010-1447 ...
Summary: ESX 3.5 Console OS (COS) updates for COS packages perl, krb5, samba, tar, and cpio...

- http://secunia.com/advisories/41196/
Release Date: 2010-09-01
Impact: Security Bypass, DoS, System access
Where: From remote
Original Advisory: VMSA-2010-0013:
http://lists.vmware....010/000103.html

VMSA-2010-0004.3 ESX Service Console and vMA third party updates
- http://lists.vmware....010/000104.html
Aug 31, 2010
Synopsis: ESX Service Console and vMA third party updates
Issue date: 2010-03-03
Updated on: 2010-08-31
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-0590 CVE-2009-4022 CVE-2009-3560 CVE-2009-3720 CVE-2009-2904 CVE-2009-3563 CVE-2009-2695 CVE-2009-2849 CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2008-3916 CVE-2009-1189 CVE-2009-0115
Summary: ESX Service Console updates for newt, nfs-utils, expat, ntp and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages...


Edited by apluswebmaster, 02 September 2010 - 05:24 PM.



#49 AplusWebMaster


Posted 24 September 2010 - 06:15 AM

FYI...

- http://www.vmware.co...-2010-0014.html
CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425

VMSA-2010-0014 VMware Workstation, Player, and ACE...
- http://lists.vmware....010/000105.html
Sep 23, 2010

- http://secunia.com/advisories/41574/
- http://secunia.com/advisories/41605/
- http://secunia.com/advisories/41606/
- http://secunia.com/advisories/41607/

- http://www.securityt....com/id?1024481


Edited by apluswebmaster, 25 September 2010 - 03:44 AM.



#50 AplusWebMaster


Posted 30 September 2010 - 02:18 PM

FYI...

- http://www.vmware.co...-2010-0015.html

VMSA-2010-0015 VMware ESX third party updates for Service Console
- http://lists.vmware....010/000106.html
Sep 30, 2010
CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734 CVE-2010-1646 CVE-2009-3555 CVE-2009-2409 CVE-2009-3245 CVE-2010-0433 ...

- http://secunia.com/advisories/41618/
Release Date: 2010-09-30
Criticality level: Moderately critical
Impact: Unknown, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS
Where: From remote...
Original Advisory: VMSA-2010-0015:
http://lists.vmware....010/000106.html


Edited by apluswebmaster, 01 October 2010 - 03:44 PM.





