[THIN] Alert: VMware ESX Server Management Interface Unspecified Vulnerability

• From: "Jim Kenzig http://ThinHelp.com" <jkenzig@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx, virtualize <virtualize@xxxxxxxxxxxxx>
• Date: Fri, 30 Dec 2005 09:45:15 -0800 (PST)

This is getting pretty aggravating:
JK
 
Secunia Advisory : SA18250
Release Date : 2005-12-30

Critical : Less critical. Critical Level 2 of 5.
Impact : Unknown
Where : From local network

Solution Status : Vendor Patch

OS : 
VMware ESX Server 2.x

Description : 
A vulnerability has been reported in VMware ESX Server, which has an unknown 
impact.

The vulnerability is caused due to an unspecified error in the VMware 
Management Interface. This can be exploited for code execution in the web 
browser.

The vulnerability has been reported in version 2.0.1, 2.1.2, and 2.5.2.


Solutions : 
Apply updates.

VMware ESX Server 2.0.1:
Apply upgrade patch 6.
http://www.vmware.com/download/esx/esx-201-200512-patch.html

VMware ESX Server 2.1.2:
Apply upgrade patch 6.
http://www.vmware.com/download/esx/esx-212-200512-patch.html

VMware ESX Server 2.5.2:
Apply upgrade Patch 2.
http://www.vmware.com/download/esx/esx-252-200512-patch.html

Provided and/or discovered by :
Reported by vendor.

Original Advisory : 
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription