
Report of two new vulnerabilities in VMware



fara_server
April 4th, 2012, 18:39
According to a report published on the official VMware website (http://www.vmware.com), there are two vulnerabilities in VMware ESX Server and VMware ESXi; you can remove these security risks by installing the relevant patch.
Further description of these vulnerabilities:
VMware ESX Server Multiple Vulnerabilities
Description
VMware has acknowledged multiple vulnerabilities in VMware ESX Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

For more information:
SA45695 (http://secunia.com/SA45695/)
SA45897 (http://secunia.com/SA45897/)
SA46239 (http://secunia.com/SA46239/)

The vulnerabilities are reported in versions 4.1 and 4.0.


Solution
Apply patches if available.
Further details available in Customer Area (http://secunia.com/products/corporate/)
Original Advisory
VMSA-2012-0006 (http://www.vmware.com/security/advisories/VMSA-2012-0006.html)
Other references
Further details available in Customer Area (http://secunia.com/products/corporate/)






VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability

Description
Derek Soeder has reported a vulnerability in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.

The vulnerability is caused due to an error when handling certain backdoor I/O instructions and can be exploited to modify virtual DOS machine Read-Only Memory via a specially crafted request sent to the high-bandwidth backdoor port (0x5659).

The vulnerability is reported in ESX Server and ESXi versions 4.1, 4.0, and 3.5 running Windows XP 32-bit, Windows Server 2003 32-bit, and Windows Server 2003 R2 32-bit.


Solution
Apply patches.
Further details available in Customer Area (http://secunia.com/products/corporate/)
Provided and/or discovered by
Derek Soeder, Ridgeway Internet Security.

Changelog
Further details available in Customer Area (http://secunia.com/products/corporate/)

Original Advisory
VMware:
VMSA-2012-0006 (http://www.vmware.com/security/advisories/VMSA-2012-0006.html)

Derek Soeder:
NEOHAPSIS - Peace of Mind Through Integrity and Insight (http://archives.neohapsis.com/archives/bugtraq/2012-03/0173.html)

For more information, please refer to the following links:
VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability - Secunia.com (http://secunia.com/advisories/48669)
VMware ESX Server Multiple Vulnerabilities - Secunia.com (http://secunia.com/advisories/48612)

