exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2006-0002.asc

VMware Security Advisory 2006-0002.asc
Posted Jun 3, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory VMSA-2006-0002 - VMware Server sensitive information lifetime issue.

tags | advisory
SHA-256 | 9416d428754ffc0b448019d32ca7dc292291475a2ce00dba7c1f89d1be10eda9

VMware Security Advisory 2006-0002.asc

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2006-0002
Synopsis: VMware Server sensitive information lifetime issue
Advisory URL: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124
Issue date: 2006-06-01
Updated on: 2006-06-01
CVE Name: CVE-2006-2662
Bugzilla Number: pr98108
- -------------------------------------------------------------------

1. Summary:

VMware Server doesn't limit the lifetime of sensitive data.

VMware has rated the severity of this issue as a Priority 3 issue
according to Vmware's Security Response Policy.

2. Relevant release:

VMware Server prior to RC-1.

3. Problem description:

When a console connection is made using VMware Server, user
credentials are kept in memory. In order for the attacker to
obtain information, they must have local access to the system
and read access to the memory, or access to memory crash
information.

This is only a danger if the attacker already has privileged
access to your system.

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-2662 to this issue.

4. Solution:

Upgrade to the latest packages: http://www.vmware.com/download/server/

7. References:

The VMware Server product page at:
http://www.vmware.com/products/server/

Understanding Data Lifetime via Whole System Simulation at:
http://www.stanford.edu/~blp/papers/taint.pdf

8. Acknowledgments

VMware would like to thank Bart Vanautgaerden for reporting this issue.

9. Contact:

http://www.vmware.com/security

The VMware Security Response Policy
http://www.vmware.com/support/policies/security_response.html

Copyright 2006 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEf5icLsZLrftG15MRAiV/AJsHZqGGq9yzH7KHFZtRgVXJQnRh5gCg1u76
V9M5Q2tIS8dcycQsjO8Ejjc=
=s5UB
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close