VMware vSphere security updates for the authentication service and third party libraries

a. VMware vSphere client-side authentication memory corruption vulnerabilityVMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere...

VMSA-2013-0001:VMware vSphere security updates for the authentication service and third party libraries

VMSA-2013-0001.5 VMware vSphere security updates for the authentication service and third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0001.5 VMware Security Advisory Synopsis: VMware vSphere security updates for the authentication service and third par...

VMware security updates for vCSA, vCenter Server, and ESXi

a. vCenter Server Appliance directory traversal The vCenter Server Appliance vCSA contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like ...

VMSA-2012-0018:VMware security updates for vCSA, vCenter Server, and ESXi

VMSA-2012-0018.2 VMware security updates for vCSA, vCenter Server, and ESXi VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0018.2 VMware Security Advisory Synopsis: VMware security updates for vCSA, vCenter Server, and ESXi VMware Security Advisory Issue date: 2012-12-20...

VMware View Server directory traversal

a. VMware View Server directory traversalVMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the...

VMSA-2012-0016:VMware security updates for vSphere API and ESX Service Console

VMSA-2012-0016 VMware security updates for vSphere API and ESX Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0016 VMware Security Advisory Synopsis: VMware security updates for vSphere API and ESX Service Console VMware Security Advisory Issue date:...

VMSA-2012-0015:VMware Hosted Products and OVF Tool address security issues

VMSA-2012-0015 VMware Hosted Products and OVF Tool address security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0015 VMware Security Advisory Synopsis: VMware Hosted Products and OVF Tool address security issues VMware Security Advisory Issue date: 2012-11-08...

VMSA-2012-0014:VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0014 VMware Security Advisory Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security...

VMware vSphere and vCOps updates to third party libraries

a. vCenter and ESX update to JRE 1.6.0 Update 31The Oracle Sun JRE is updated to version 1.6.031, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.Column 4 of...

VMSA-2012-0013:VMware vSphere and vCOps updates to third party libraries

VMSA-2012-0013.2 VMware vSphere and vCOps updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0013.2 VMware Security Advisory Synopsis: VMware vSphere and vCOps updates to third party libraries VMware Security Advisory Issue date: 2012-08-30...

VMware ESXi update to third party library

a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2010-4008, CVE-2011-0216,CVE-2011-1944, CVE-2011-2834,...

VMSA-2012-0012:VMware ESXi update to third party library

VMSA-2012-0012.2 VMware ESXi update to third party library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0012.2 VMware Security Advisory Synopsis: VMware ESXi update to third party library VMware Security Advisory Issue date: 2012-07-12 VMware Security Advisory Updated...

VMSA-2012-0011:VMware hosted products and ESXi and ESX patches address security issues

VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0011 VMware Security Advisory Synopsis: VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory...

VMSA-2012-0010:VMware vMA addresses a security issue

VMSA-2012-0010 VMware vMA addresses a security issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0010 VMware Security Advisory Synopsis: VMware vMA addresses a security issue VMware Security Advisory Issue date: 2012-05-25 VMware Security Advisory Updated on: 2012-05-...

VMware Workstation, Player, ESXi and ESX patches address critical security issues

a. VMware host memory overwrite vulnerability data pointersDue to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.Workarou...

VMSA-2012-0009:VMware Workstation, Player, ESXi and ESX patches address CRITICAL security issues

VMSA-2012-0009.2 VMware Workstation, Player, ESXi and ESX patches address critical security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0009.2 VMware Security Advisory Synopsis: VMware Workstation, Player, ESXi and ESX patches address critical security issues...

VMware ESX updates to ESX Service Console

a. ESX third party update for Service Console kernelThe ESX Service Console Operating System COS kernel is updated which addresses several security issues in the COS kernel.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2011-3191, CVE-2011-4348 and...

VMSA-2012-0008:VMware ESX updates to ESX Service Console

VMSA-2012-0008.1 VMware ESX updates to ESX Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0008.1 VMware Security Advisory Synopsis: VMware ESX updates to ESX Service Console VMware Security Advisory Issue date: 2012-04-26 VMware Security Advisory Updated...

VMware hosted products and ESXi/ESX patches address privilege escalation

a. VMware Tools Incorrect Folder Permissions Privilege EscalationThe access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.VMware would like to thank Tavis Ormandy for reporting...

VMSA-2012-0007:VMware hosted products and ESXi/ESX patches address privilege escalation

VMSA-2012-0007.1 VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0007.1 VMware Security Advisory Synopsis: VMware hosted products and ESXi/ESX patches address privilege escalation VMware Security...

VMware ESXi and ESX address several security issues

a. VMware ROM Overwrite Privilege Escalation A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit,...

VMSA-2012-0006:VMware ESXi and ESX address several security issues

VMSA-2012-0006.2 VMware ESXi and ESX address several security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0006.2 VMware Security Advisory Synopsis: VMware ESXi and ESX address several security issues VMware Security Advisory Issue date: 2012-03-29 VMware Securi...

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest...

VMware View privilege escalation and cross-site scripting

a. VMware Virtual Desktop Display Driver Privilege EscalationThe VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual...

VMSA-2012-0005:VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

VMSA-2012-0005.4 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0005.4 VMware Security Advisory Synopsis: VMware vCenter Server...

VMware VirtualCenter Update and ESX 3.5 patch update JRE

a. VirtualCenter and ESX, Oracle Sun JRE update 1.5.032Oracle Sun JRE is updated to version 1.5.032, which addresses multiple security issues that existed in earlier releases of OracleSun JRE.Oracle has documented the CVE identifiers that are addressed in JRE 1.5.032 in the Oracle Java SE Critica...

VMSA-2012-0003:VMware VirtualCenter Update and ESX 3.5 patch update JRE

VMSA-2012-0003.1 VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0003.1 VMware Security Advisory Synopsis: VMware VirtualCenter Update and ESX 3.5 patch update JRE VMware Security Advisory Issue date: 2012-03-08...

VMSA-2012-0002:VMware vCenter Chargeback Manager Information Leak and Denial of Service

VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0002 VMware Security Advisory Synopsis: VMware vCenter Chargeback Manager Information Leak and Denial of Service VMware Security Advisor...

VMware ESXi and ESX updates to third party library and ESX Service Console

a. ESX third party update for Service Console kernelThe ESX Service Console Operating System COS kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2011-0726,...

VMSA-2012-0001:VMware ESXi and ESX updates to third party library and ESX Service Console

VMSA-2012-0001.2 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0001.2 VMware Security Advisory Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security...

VMSA-2011-0014:VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0014 VMware Security Advisory Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses...

VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

a. ESX third party update for Service Console openssl RPMThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el55.7 resolving two security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues.Colum...

VMSA-2011-0013:VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

VMSA-2011-0013.3 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0013.3 VMware Security Advisory Synopsis: VMware third party component updates for VMware vCenter Server,...

VMware ESXi and ESX updates to third party libraries and ESX Service Console

a. ESX third party update for Service Console kernelThis update takes the console OS kernel package to kernel-2.6.18-238.9.1 which resolves multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,...

VMSA-2011-0012:VMware ESXi and ESX updates to third party libraries and ESX Service Console

VMSA-2011-0012.3 VMware ESX third party updates for Service Console packages glibc and dhcp VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0012.3 VMware Security Advisory Synopsis: VMware ESX third party updates for Service Console packages glibc and dhcp VMware Security...

VMSA-2011-0011:Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled

VMSA-2011-0011 VMware hosted products address remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0011 VMware Security Advisory Synopsis: VMware hosted products address remote code execution vulnerability VMware Security Advisory Issue date...

VMware ESX third party updates for Service Console packages glibc and dhcp

a. Service Console update for DHCPThe DHCP client daemon, dhclient, does not properly sanatize certain options in DHCP server replies. An attacker could send a specially crafted DHCP server reply, that is saved on the client system and evaluated by a process that assumes the option is trusted. Th...

VMSA-2011-0010:VMware ESX third party updates for Service Console packages glibc and dhcp

VMSA-2011-0010.3 VMware ESX third party updates for Service Console packages glibc and dhcp VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0010.3 VMware Security Advisory Synopsis: VMware ESX third party updates for Service Console packages glibc and dhcp VMware Security...

VMware hosted product updates, ESX patches and VI Client update resolve multiple security issue

a. VMware vmkernel third party e1000e Driver Packet Filter Bypass There is an issue in the e1000e Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2009-4536 to...

VMSA-2011-0009:VMware hosted product updates, ESX patches and VI Client update resolve multiple security issue

VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0009.3 VMware Security Advisory Synopsis: VMware hosted product updates, ESX patches and VI Client update...

VMSA-2011-0008:VMware vCenter Server and vSphere Client security vulnerabilities

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0008 VMware Security Advisory Synopsis: VMware vCenter Server and vSphere Client security vulnerabilities VMware Security Advisory Issue date:...

VMSA-2011-0007:VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0007 VMware Security Advisory Synopsis: VMware ESXi and ESX Denial of Service and third party updat...

VMware vmrun utility local privilege escalation

a. VMware Linux based vmrun utility local privilege escalationVMware vmrun is a utility that is used to perform various tasks on virtual machines. The vmrun utility runs on any platform with VIX libraries installed. It is installed in VMware Workstation by default.In non-standard filesystem...

VMSA-2011-0006:VMware vmrun utility local privilege escalation

VMSA-2011-0006.1 VMware vmrun utility local privilege escalation VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0006.1 VMware Security Advisory Synopsis: VMware vmrun utility local privilege escalation VMware Security Advisory Issue date: 2011-03-29 VMware Security...

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

a. Vulnerability in third party Apache Struts componentVMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts which is a third party component.The following vulnerability has been...

VMSA-2011-0005:VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

VMSA-2011-0005.3 VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0005.3 VMware Security Advisory Synopsis: VMware vCenter Orchestrator and Alive Enterprise remote code execution...

VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

a. Service Location Protocol daemon DoSThis patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon SLPD. Exploitation of this vulnerability could cause SLPD to consume significant CPU resources.VMware would like to thank Nicolas Gregoire and US CERT for reporting th...

VMSA-2011-0004:VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0004.3 VMware Security Advisory Synopsis: VMware ESX/ESXi SLPD denial of...

VMSA-2011-0003:Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0003.2 VMware Security Advisory Synopsis: Third party component updates for VMware vCenter Server, vCenter Update...

VMSA-2011-0002:Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0002 VMware Security Advisory Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi VMware Security...