Skip to main content

VMware Products Multiple Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 24 Nov 2009 5317 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by errors in JRE, Tomcat, ntp, kernel, python, bind, libxml, libxml2, curl, and gnutil.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • VMware vCenter Server versions 4.x
  • VMware VirtualCenter versions 2.x
  • VMware Server versions 2.x
  • VMware ESX versions 4.x
  • VMware ESX versions 3.x
  • VMware ESXi versions 4.x
  • VMware ESXi versions 3.x
  • VMware vMA versions 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patches:
http://lists.vmware.com/pipermail/security-announce/2009/000070.html


Vulnerability Identifier


Source


Related Link