Humpty Posted September 20, 2007 Share Posted September 20, 2007 Virtualisation software vendor VMware has released numerous product updates which fix vulnerabilities in almost all the products in their portfolio. Attackers can exploit these vulnerabilities to, for example, break out of the guest system in the virtual machine or terminate processes on the host system. The VMware security advisory lists a total of 20 entries in the Common Vulnerabilities and Exposures (CVE) database which relate to security vulnerabilities fixed by the new versions. Particularly critical are the vulnerabilities which enable attackers or malicious software to break out of the virtual machine. From an account with administrator privileges on a guest system, attackers can manipulate the memory of host processes leading to execution of injected malicious code. It is also possible to crash processes on the host system. In the integrated DHCP server, crafted packets may allow access with SYSTEM privileges. Article Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now