News

VMware Fixes Vulnerabilities

VMware has issued patches that will eliminate the vulnerabilities found last month, according to an announcement the company posted on some security news mailing lists today.

The vulnerability allowed users of some VMware products to escape virtualized environments and enter the host systems with full privileges.

To patch the hole, the company has updated:

The vulnerability, called a path traversal, involves the manipulation of VMware shared folders that are used to transfer data between the guest virtualized system and the host system. A user in a virtual environment could type in a path name that would provide entry into the host system, with full read and write privileges.

The vulnerability does not affect ESX Server or Linux versions of the VMware software.

The patches cover CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363 and CVE-2008-1340, as categorized by the Common Vulnerabilities and Exposures project.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Featured

  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.