Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to overwrite arbitrary files, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
TITLE:
VMware ESX Server Multiple Security Updates
SECUNIA ADVISORY ID:
SA24636
VERIFY ADVISORY:
http://secunia.com/advisories/24636/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
VMware ESX Server 3.x
http://secunia.com/product/10757/
VMware ESX Server 2.x
http://secunia.com/product/2125/
DESCRIPTION:
VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, and by malicious people to overwrite
arbitrary files, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
For more information:
SA21890
SA21996
SA23115
Additionally, VMware ESX Server was updated to protect against a
guest kernel memory corruption, which could cause a DoS and an error
within 64-bit syscall instruction handling. This, in turn, could cause
a panic in 64-bit virtual machines.
SOLUTION:
Apply patches. Please see vendor advisory for details.
ORIGINAL ADVISORY:
http://kb.vmware.com/kb/5031800
http://kb.vmware.com/kb/5885387
http://kb.vmware.com/kb/6856573
http://kb.vmware.com/kb/3003211
http://kb.vmware.com/kb/3194055
http://kb.vmware.com/kb/3496682
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053268.html
OTHER REFERENCES:
SA21890:
http://secunia.com/advisories/21890/
SA21996:
http://secunia.com/advisories/21996/
SA23115:
http://secunia.com/advisories/23115/