
Updated VMware Hosted Products and ESX/ESXi Patches Fix Critical Security Vulnerability

I am a little late relaying this important security vulnerability found in basically all VMware products. VMware publicly resolved this concern with patches and new product versions released as of April 10, 2009. I strongly suggest reviewing VMware’s Security Advisory VMSA-2009-0006 and upgrading or patching your respective product(s) as needed.

Some brief info and overview of the problem from the VMSA:

3. Problem Description

a. Host code execution vulnerability from a guest operating system

A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.

This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

| VMware Product | Product Version | Running on | Replace with/Apply Patch |
|---|---|---|---|
| VirtualCenter | any | Windows | not affected |
| Workstation | 6.5.x | any | 6.5.2 build 156735 or later |
| Workstation | 6.0.x | any | upgrade to at least 6.5.2 |
| Player | 2.5.x | any | 2.5.2 build 156735 or later |
| Player | 2.0.x | any | upgrade to at least 2.5.2 |
| ACE | 2.5.x | Windows | 2.5.2 build 156735 or later |
| ACE | 2.0.x | Windows | upgrade to at least 2.5.2 |
| Server | 2.x | any | 2.0.1 build 156745 or later |
| Server | 1.x | any | 1.0.9 build 156507 or later |
| Fusion | 2.x | Mac OS/X | 2.0.4 build 159196 or later |
| ESXi | 3.5 | ESXi | ESXe350-200904201-O-SG |
| ESX | 3.5 | ESX | ESX350-200904201-SG |
| ESX | 3.0.3 | ESX | ESX303-200904403-SG |
| ESX | 3.0.2 | ESX | ESX-1008421 |
| ESX | 2.5.5 | ESX | |

For more on the bug check out these posts/articles:
