Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

September 19th, 2008

VMWare issues 'critical' ESXi security advisory

Posted by Ryan Naraine @ 11:00 am

Categories: Arbitrary Code Execution, Complex Attacks, Data theft, Denial of Service (DoS), Kernel-level Exploits, Locally Running Web Servers, Open source, Passwords, Patch Watch, Pen testing, Vulnerability research, Zero-day attacks

Tags: VMware Inc., Authentication, Security, Ryan Naraine

VMWare issues ‘critical’ security advisory VMware has released new ESXi and ESX 3.5 packages to fix a “critical” security issue that allows a remote, unauthenticated attacker to launch harmful code on the host running the hypervisor.

According to this VMWare advisory, the patches fix two remote buffer overflows in the handling of HTTP basic authentication headers.

This vulnerability could potentially be exploited by users without valid login credentials.

The vulnerability exists in the “Openwsman” system management platform which is enabled by default in ESX to implement the Web Services Management protocol (WS-Management).

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 4 Talkback(s)

Thread View
Flat View

Sucked in: I know. Just got sucked in. It just amazes me when I see some of the comments on here. I usually just laugh, but even the worst offenders explain themselves a bit when they have an opinion!... (Read the rest); Posted by: Frankmjr Posted on: 09/22/08 You are currently: a Guest | Log in | Terms of Use

nobody cares about ESXi and ESX 3.5 products qmlscycrajg | 09/19/08

And you say this why? Frankmjr | 09/22/08

An idiot jakesty | 09/22/08

Sucked in Frankmjr | 09/22/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Key Strategies for Federal Agencies - Safe and Cost Effective Migration for Legacy Hardware GovConnection The federal government has mandated that federal agencies reduce energy ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now

Blogs From Our Sponsors

Top Rated

Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+41 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Phishing experiment sneaks through all anti-spam filters+25 votes
Microsoft patches Windows worm holes, drive-by download flaws+20 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Zero Day

Ryan Naraine and Dancho Danchev

September 19th, 2008

VMWare issues 'critical' ESXi security advisory

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

September 19th, 2008

VMWare issues 'critical' ESXi security advisory

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads