TITLE:
VMware ESX / ESXi Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA31713

VERIFY ADVISORY:
http://secunia.com/advisories/31713/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
VMware ESX Server 3.x
http://secunia.com/product/10757/
VMware ESXi 3.x
http://secunia.com/product/19561/

DESCRIPTION:
VMware has acknowledged a weakness and a vulnerability in VMware ESX
Server, which can be exploited by malicious users to disclose
potentially sensitive information and by malicious people to cause a
DoS (Denial of Service).

1) An error in libpng can be exploited by malicious people to cause a
DoS.

For more information:
SA27093

2) The VMware Consolidated Backup (VCB) command-line utilities use the
password as command line argument when invoking other programs. This
can be exploited to disclose the password via e.g. the "ps" command.

Successful exploitation requires access to the service console.

This vulnerability does not affect VMware ESXi 3.5.

SOLUTION:
Apply patches if available. See vendor advisory for details.

PROVIDED AND/OR DISCOVERED BY:
2) Reported by the vendor.

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

OTHER REFERENCES:
SA27093:
http://secunia.com/advisories/27093/
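An audit for the exposure described in item 2, as an added example that is not part of the Secunia advisory or of VMware's code: it scans a `ps`-style process listing for passwords passed as arguments and redacts the value in its report. The tool name `backup-tool`, the option names and the sample listing are constructed; the advisory does not name the VCB options involved.

```shell
#!/bin/sh
# Added example: find secrets exposed in process arguments (what `ps` shows).
# Input: lines of "PID USER COMMAND [ARGS...]", e.g. from `ps -eo pid,user,args`.
# Output: the offending lines with the secret value replaced by <redacted>,
# so the audit report does not leak the password a second time.

# Commands for which a bare "-p VALUE" is treated as a password (assumption:
# a site-specific list; "-p" means "port" or "parents" for many other tools).
SHORT_P_TOOLS="${SHORT_P_TOOLS:-backup-tool}"

flag_password_args() {
    awk -v tools="$SHORT_P_TOOLS" '
    BEGIN { n = split(tools, t, " "); for (k = 1; k <= n; k++) watch[t[k]] = 1 }
    {
        hit = 0
        cmd = $3; sub(/.*\//, "", cmd)          # basename of the command
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^(--?)?(password|passwd|pwd)=./) {
                sub(/=.*/, "=<redacted>", $i); hit = 1      # --password=VALUE
            } else if (i < NF && ($i ~ /^--?(password|passwd|pwd)$/ ||
                                  ($i == "-p" && (cmd in watch)))) {
                $(i + 1) = "<redacted>"; hit = 1; i++        # --password VALUE
            }
        }
        if (hit) print
    }'
}

# Constructed sample process listing (hypothetical tool names and values).
sample_ps_output() {
    cat <<'EOF'
4101 root /usr/sbin/backup-tool -h host.example -u admin -p S3cret!
4102 root /bin/mkdir -p /var/tmp/stage
4103 ops /opt/bin/helper --password=hunter2 --verbose
4104 ops /usr/bin/ssh -p 2222 host.example
4105 root /usr/sbin/backup-tool -h host.example -u admin --passfile /root/.pw
EOF
}

sample_ps_output | flag_password_args
```

Process 4105 is not flagged because only a file path appears in its arguments; the secret itself never reaches the process table.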