---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: VMware ESX Server Multiple Security Updates SECUNIA ADVISORY ID: SA24636 VERIFY ADVISORY: http://secunia.com/advisories/24636/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: VMware ESX Server 3.x http://secunia.com/product/10757/ VMware ESX Server 2.x http://secunia.com/product/2125/ DESCRIPTION: VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to overwrite arbitrary files, cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA21890 SA21996 SA23115 Additionally, VMware ESX Server was updated to protect against a guest kernel memory corruption, which could cause a DoS and an error within 64bit syscall instruction handling. This, in turn, could cause a panic in 64bit virtual machines. SOLUTION: Apply patches. Please see vendor advisory for details. ORIGINAL ADVISORY: http://kb.vmware.com/kb/5031800 http://kb.vmware.com/kb/5885387 http://kb.vmware.com/kb/6856573 http://kb.vmware.com/kb/3003211 http://kb.vmware.com/kb/3194055 http://kb.vmware.com/kb/3496682 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053268.html OTHER REFERENCES: SA21890: http://secunia.com/advisories/21890/ SA21996: http://secunia.com/advisories/21996/ SA23115: http://secunia.com/advisories/23115/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------