what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2008-0002

VMware Security Advisory 2008-0002
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated Tomcat and JRE security updates have been issued for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.

tags | advisory
advisories | CVE-2005-2090, CVE-2006-7195, CVE-2007-0450, CVE-2007-3004
SHA-256 | d70ad50277bcd17773dae218bfe21840a7f7e10fd23649fa024d2109224a5aa9

VMware Security Advisory 2008-0002

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


- -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2008-0002
Synopsis: Low severity security update for VirtualCenter
and ESX Server 3.0.2, and ESX 3.0.1
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2005-2090 CVE-2006-7195
CVE-2007-0450 CVE-2007-3004
- -------------------------------------------------------------------

1. Summary:

Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX
Server 3.0.2, and ESX 3.0.1.

2. Relevant releases:

VirtualCenter Management Server 2
ESX Server 3.0.2 without patch ESX-1002434
ESX Server 3.0.1 without patch ESX-1003176

3. Problem description:

Updated VirtualCenter fixes the following application vulnerabilities

Tomcat Server Security Update
This release of VirtualCenter Server updates the Tomcat Server
package from 5.5.17 to 5.5.25, which addresses multiple security
issues that existed in the earlier releases of Tomcat Server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to
these issues.

JRE Security Update
This release of VirtualCenter Server updates the JRE package from
1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in
the earlier release of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-3004 to this issue.

NOTE: These vulnerabilities can be exploited remotely only if the
attacker has access to the service console network.

Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

VMware VirtualCenter 2.0.2 Update 2 Release Notes
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

VirtualCenter CD image
md5sum d7d98a5d7f8afff32cee848f860d3ba7

VirtualCenter as Zip
md5sum 3b42ec350121659e10352ca2d76e212b

ESX Server 3.0.2
http://kb.vmware.com/kb/1002434
md5sum: 2f52251f6ace3d50934344ef313539d5

ESX Server 3.0.1
http://kb.vmware.com/kb/1003176
md5sum: 5674ca0dcfac90726014cc316444996e

5. References:

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce@lists.vmware.com
* bugtraq@securityfocus.com
* full-disclosure@lists.grok.org.uk

E-mail: security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHgthVS2KysvBH1xkRCPmqAJ0Vinlb3RZQH9syPorjnNJYkB+V/gCeN8pQ
3AnswXxHMvJR9mEM/eIymPM=
=CXyQ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close