Lucene search

K
vmwareVMwareVMSA-2009-0003
HistoryJan 26, 2009 - 12:00 a.m.

ESX 2.5.5 patch 12 updates service console packag ed

2009-01-2600:00:00
www.vmware.com
39

EPSS

0.005

Percentile

75.4%

a. Updated ESX patch updates Service Console package "ed"If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. “ed” is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). A heap-based buffer overflow was discovered in the way “ed”, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the “ed” editor. The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2008-3916 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available.