VMware ESX Server and VirtualCenter Multiple Vulnerabilities
Last Update Date: 28 Jan 2011
Release Date: 9 Jan 2008
RISK: Medium Risk
Multiple vulnerabilities have been identified in VMware ESX Server and VirtualCenter, which could be exploited by attackers to bypass security restrictions, disclose sensitive information or execute arbitrary commands and scripting code. These issues are caused by errors in Tomcat, JRE, OpenPegasus, Samba, util-linux, Perl, and OpenSSL.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- VMware ESX Server 2.x
- VMware ESX Server 3.x
- VMware VirtualCenter 2.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- ESX Server 3.0.2:
  http://kb.vmware.com/kb/1002434
- ESX Server 3.0.1:
  http://kb.vmware.com/kb/1003176
- ESX Server 3.x Patches:
  http://www.vmware.com/download/vi/vi3_patches.html
- ESX Server 2.x Patches:
  http://www.vmware.com/download/esx/esx2_patches.html
- ESX Server 2.5.5 Upgrade Patch 3:
  http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz
  http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html
- ESX Server 2.5.4 Upgrade Patch 14:
  http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz
  http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html
Vulnerability Identifier
- CVE-2005-2090
- CVE-2006-7195
- CVE-2007-0450
- CVE-2007-2788
- CVE-2007-3004
- CVE-2007-4572
- CVE-2007-5116
- CVE-2007-5135
- CVE-2007-5191
- CVE-2007-5360
- CVE-2007-5398
Source
Related Link
- http://www.frsirt.com/english/advisories/2008/0065
- http://secunia.com/advisories/28365/
- http://lists.vmware.com/pipermail/security-announce/2008/000003.html
- http://www.frsirt.com/english/advisories/2008/0064
- http://secunia.com/advisories/28368/
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html