Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vmware - Critical Security Update


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:10:50 AM

Posted 26 December 2005 - 09:07 AM

Technical Description:
Advisory ID : FrSIRT/ADV-2005-3084
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-24

A vulnerability has been identified in VMware ESX Server, which may be exploited by attackers to inject malicious HTML code. This flaw is due to an input validation error in the VMware Management Interface that does not properly validate certain parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products: WMware ESX Server 2.0.x, 2.1.x, 2.5.x

Solution: Apply latest VmWare Patches
http://www.vmware.com/support/kb/enduser/s...hp?p_faqid=2001


Sharing as an FYI for those using VMware for server consolidation and management.

VMware - Critical Security Update should be applied quickly
http://www.frsirt.com/english/advisories/2005/3084

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users