---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: VMware ESX Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21230 VERIFY ADVISORY: http://secunia.com/advisories/21230/ CRITICAL: Less critical IMPACT: Hijacking, Cross Site Scripting, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: VMware ESX Server 2.x http://secunia.com/product/2125/ DESCRIPTION: Corsaire has reported some vulnerabilities in VMware ESX Server, which can be exploited to gain knowledge of potentially sensitive information or conduct cross-site request forgery attacks. 1) When changing passwords using the management interface, the GET request containing the password in clear text is logged to a world-readable file. 2) The management interface uses a proprietary session ID format containing authentication credentials encoded in base64. If malicious people get hold of the session cookies, it's possible to gain knowledge of the user account and password. 3) The management interface allows users to perform certain actions via HTTP GET requests without performing any validity checks to verify the user's request. This can be exploited to change a user's password when user visits a malicious web site while logged in. SOLUTION: According to the researchers, the vulnerabilities have been fixed in version 2.5.3 Upgrade Patch 2, 2.1.3 Upgrade Patch 1, and 2.0.2 Upgrade Patch 1. PROVIDED AND/OR DISCOVERED BY: Stephen de Vries og Martin O'Neal, Corsaire. ORIGINAL ADVISORY: http://www.corsaire.com/advisories/c060512-001.txt http://www.corsaire.com/advisories/c051114-001.txt http://www.corsaire.com/advisories/c051114-003.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------