Skip to main content

VMwareProducts DHCP and JRE Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 20 Oct 2009 5439 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by errors in DHCP and JRE.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • VMWare ESXi version 4.0
  • VMWare ESX version 4.0
  • VMWare vCenter version 4.0
  • VMWare VirtualCenter version 2.5
  • VMWare VirtualCenter version 2.0.2
  • VMWare Server version 2.0

Solutions

There is no patch available for this vulnerability currently.

Workaround

  • Do not visit untrusted websites or follow untrusted links.

  • Restrict network access to trusted users only.


  • Vulnerability Identifier


    Source


    Related Link