VMware Products Multiple Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 24 Nov 2009 4539 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by errors in JRE, Tomcat, ntp, kernel, python, bind, libxml, libxml2, curl, and gnutil.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • VMware vCenter Server versions 4.x
  • VMware VirtualCenter versions 2.x
  • VMware Server versions 2.x
  • VMware ESX versions 4.x
  • VMware ESX versions 3.x
  • VMware ESXi versions 4.x
  • VMware ESXi versions 3.x
  • VMware vMA versions 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patches:
http://lists.vmware.com/pipermail/security-announce/2009/000070.html

Vulnerability Identifier

Source

Related Link

Share with

Previous

HPOpenView Operations Default Account Code Execution Vulnerability

24 Nov 2009 4470 Views

Next

BlackBerry Products PDF Distiller Code Execution Vulnerabilities

4 Dec 2009 4255 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY