topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:22 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Vuln. Alert: VMWare ESX RCE  (Read 3592 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Vuln. Alert: VMWare ESX RCE
« on: September 22, 2008, 06:46 AM »
VMWare has patched two buffer overflows in its ESX server software that could potentially allow remote code execution by an unauthenticated party.

Screenshot - 22_09_2008 , 9_47_17 PM_thumb.png


VMware has fixed critical security bugs in two of its virtualization products that could allow a remote attacker to remotely install malware on a host machine.

The patches, which apply to ESXi and ESX 3.5, fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system.

Full Story

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Vuln. Alert: VMWare ESX RCE
« Reply #1 on: September 22, 2008, 10:36 AM »
Ugh, bug that allows to install malware on the host machine by attacking a virtualized guest? :o
- carpe noctem