TITLE:
VMware ESX Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA24788

VERIFY ADVISORY:
http://secunia.com/advisories/24788/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
VMware ESX Server 3.x
http://secunia.com/product/10757/

DESCRIPTION:
VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, and malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

For more information:
SA15449
SA15949
SA16137
SA16816

Additionally, a VMware internal security audit revealed the following two vulnerabilities:

1) An unspecified double free error can be exploited to cause a DoS, disclose sensitive information and may allow the execution of arbitrary code via unknown vectors.

2) An unspecified buffer overflow can be exploited to cause a DoS or gain escalated privileges via unknown vectors.

SOLUTION:
Apply patches.

-- VMware ESX 3.0.1 --
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html

-- VMware ESX 3.0.0 --
http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html

ORIGINAL ADVISORY:
http://kb.vmware.com/kb/2559638
http://kb.vmware.com/kb/6431040
http://kb.vmware.com/kb/9916286
http://kb.vmware.com/kb/55052
http://kb.vmware.com/kb/1121906
http://kb.vmware.com/kb/3616065
http://kb.vmware.com/kb/55052

OTHER REFERENCES:
SA15449:
http://secunia.com/advisories/15949/

SA15949:
http://secunia.com/advisories/15449/

SA16137:
http://secunia.com/advisories/16137/

SA16816:
http://secunia.com/advisories/16816/