RE: Fw: VMware vulnerability in NAT networking
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 16:58:48 -0800
When you go to Virt Server, you'll never go back...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 21, 2005 14:30
To: [ISAserver.org Discussion List]
Subject: [isalist] Fw: VMware vulnerability in NAT networking
http://www.ISAserver.org
Good thing I switched to VirtPC ;)
t
-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."
----- Original Message -----
From: <vmware-security-alert@xxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Tuesday, December 20, 2005 11:47 PM
Subject: VMware vulnerability in NAT networking
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> VULNERABILITY SUMMARY
> A vulnerability has been discovered in vmnat.exe on Windows hosts and
> vmnet-natd on Linux systems.
> The vulnerability makes it possible for a malicious guest using a NAT
> networking
> configuration to execute unwanted code on the host machine.
>
> AFFECTED SYSTEMS:
> VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player.
>
> RESOLUTION:
> VMware believes that the vulnerability is very serious, and recommends
> that
> affected users update their products to the new releases or change the
> configuration of
> the virtual machine so it does not use NAT networking.
>
> The new releases are now available for download at www.vmware.com/download
>
> If you choose not to update your product but want to ensure that the NAT
> service
> is not available, you can disable it completely on VMware Workstation or
> VMware
> GSX Server by following the instructions in the Knowledge Base article
> (Answer ID 2002) at
> http://www.vmware.com/support/kb.
>
> VMware thanks Tim Shelton of ACS Security Assessment Engineering,
> Affiliated
> Computer Services, Inc., for reporting this vulnerability.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>
> iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ
> 8IsO2kOVTmwHSMbAGSRN1qw=
> =nmuM
> -----END PGP SIGNATURE-----
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
