Softpedia
 

September 20th, 2007, 17:36 GMT · By Alexandru Dumitru

Virtual Machines Vulnerable

Flaws have been disclosed in several VMware products that could have nasty consequences if exploited by malicious users. The affected products are VMware ESX Server, VMware ACE, VMware Player, VMware Server and VMware Workstation. I will name the affected versions later on, when I explain the vulnerabilities.
If an attacker took advantage of any of the following flaws, he could escalate privileges, cause a denial of service or, even worse, gain system access. There is no need to panic, though: an update to the latest version will make you safe again in no time!

There are 6 vulnerabilities that affect these products. Should a malicious user manage to cause memory corruption in a certain host process, he could then execute arbitrary code on the host system. Another error could let the attacker crash a host process. According to Secunia, these vulnerabilities affect VMware ESX 3.0.1, 3.0.0, 2.5.4, 2.5.3, 2.1.3, and 2.0.2, VMware Workstation 6.0.0 and 5.5.4, VMware Player 2.0.0 and 1.0.4, VMware Server 1.0.3, and VMware ACE 2.0.0 and 1.0.3.

Integer overflows and underflows could also cause an error in the DHCP server. According to Secunia, a malicious user who took advantage of this could cause a stack-based buffer overflow via a specially crafted DHCP packet. With the same type of packet, one could also execute arbitrary code by exploiting an improper handling of malformed DHCP packets.
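To illustrate the class of bug described above, here is an added example (not VMware's code and not taken from the Secunia advisory) of a DHCP option parser in C that validates every length before using it. The function name, return codes and sample option fields are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_OK = 0, OPT_NOT_FOUND = -1, OPT_MALFORMED = -2, OPT_TOO_BIG = -3 };

/* Constructed sample option fields (code, length, value; 0 = pad, 255 = end). */
static const uint8_t SAMPLE_OK[]    = {0, 53, 1, 1, 12, 4, 'h', 'o', 's', 't', 255};
static const uint8_t SAMPLE_TRUNC[] = {53, 1, 1, 12, 200, 'a', 'b'}; /* claims 200, has 2 */
static const uint8_t SAMPLE_NOLEN[] = {12};                          /* length byte missing */

/* Copy the value of option `want` into `out` (capacity `out_cap`).
 * Each length is compared with what remains before it is used, and the
 * comparison is arranged so that no unsigned subtraction can wrap. */
int dhcp_get_option(const uint8_t *opts, size_t len, uint8_t want,
                    uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == 0) continue;                  /* pad: single byte, no length */
        if (code == 255) break;                   /* end of options */
        if (i >= len) return OPT_MALFORMED;       /* no room for the length byte */
        size_t vlen = opts[i++];
        /* i <= len here, so len - i cannot underflow. */
        if (vlen > len - i) return OPT_MALFORMED; /* value runs past the field */
        if (code == want) {
            if (vlen > out_cap) return OPT_TOO_BIG; /* would overflow caller's buffer */
            memcpy(out, opts + i, vlen);
            *out_len = vlen;
            return OPT_OK;
        }
        i += vlen;
    }
    return OPT_NOT_FOUND;
}

int main(void)
{
    uint8_t host[8];
    size_t n = 0;
    int rc = dhcp_get_option(SAMPLE_OK, sizeof SAMPLE_OK, 12, host, sizeof host, &n);
    printf("well-formed: rc=%d len=%zu\n", rc, n);
    rc = dhcp_get_option(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, 12, host, sizeof host, &n);
    printf("oversized length: rc=%d\n", rc);
    rc = dhcp_get_option(SAMPLE_NOLEN, sizeof SAMPLE_NOLEN, 12, host, sizeof host, &n);
    printf("missing length: rc=%d\n", rc);
    return 0;
}
```

The two checks that matter are the comparison against the remaining input and the comparison against the destination capacity; dropping either one is what turns a bad length byte into an out-of-bounds read or a stack overflow.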

The last, and probably the least serious, reason to worry for those of you with the vulnerable software is that insecure service permissions may be used to gain escalated privileges. The vulnerabilities affect VMware Workstation 6.0.0 and 5.5.4, VMware Player 2.0.0 and 1.0.4, VMware Server 1.0.3, and VMware ACE 2.0.0 and 1.0.3, as Secunia informs us.

For a closer look at these vulnerabilities, see the discussion on Secunia's page.
