Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: VMWare ESX security patches - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VMWare ESX security patches

VMWare have released a new security advisory, and has updated two previously announced advisories.

Details are available via the VMWare web site:

- VMSA-2008-0017 (new advisory)

Summary : A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.

CVE Reference: CVE-2008-3281

Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.

CVE Reference: CVE-2008-0960

Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

CVE Reference: CVE-2008-2327

- VMSA-2008-0014.3 (updated advisory)

This is an updated advisory which impacts a wide range of VMWare products (both desktop and server), and covers 16 CVE's.

- VMSA-2008-0011.3 (updated advisory)

This is an updated advisory which ESX products only, but covers 9 CVE's

These advisories list security issues that have been fixed in the patches for ESX 2.5.4, ESX 2.5.5., ESX 3.0.2 and ESX 3.0.3 released on 30th October.




89 Posts
Oct 31st 2008

Sign Up for Free or Log In to start participating in the conversation!