Vuln. Alert: VMWare ESX RCE

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

(1/1)

Ehtyar:
VMWare has patched two buffer overflows in its ESX server software that could potentially allow remote code execution by an unauthenticated party.

VMware has fixed critical security bugs in two of its virtualization products that could allow a remote attacker to remotely install malware on a host machine.

The patches, which apply to ESXi and ESX 3.5, fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system.

--- End quote ---

Full Story

Ehtyar.

f0dder:
Ugh, bug that allows to install malware on the host machine by attacking a virtualized guest? :o

Navigation

[0] Message Index

Go to full version