I am also one of fans to vmware products including wks, gsx, and esx, actually I am now having a test for esx platform. I believe NAT is quite seldom used in our virtual networking model, so I have no worrying to that kind of security issue. On the other hand, I hope the latest release of GSX 3.2.1 dest including the fix to domain trust bug besides patch to vulnerability at NAT networking. So far, I do believe Vmware is the best product at virtulazation. ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 23, 2005 4:43 AM Subject: [isalist] RE: Fw: VMware vulnerability in NAT networking http://www.ISAserver.org You know what I mean GSX/ESX. Was mixing up my paraphores. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Thursday, December 22, 2005 2:35 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Fw: VMware vulnerability in NAT networking > > http://www.ISAserver.org > > What's GFX/EFX? They have a special acronym just for you??? :-p > > ----- > "I may disapprove of what you say, > but I will defend to the death your > right to say it." > > > ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, December 22, 2005 11:55 AM > Subject: [isalist] RE: Fw: VMware vulnerability in NAT networking > > > http://www.ISAserver.org > > I'm a big GFX/EFX fan too. I never use the NAT networking > thing and always > turn off that service and virtual adapter. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] > > Sent: Thursday, December 22, 2005 1:12 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Fw: VMware vulnerability in NAT networking > > > > http://www.ISAserver.org > > > > Actually, I went there, and still am, and I pray to whichever > > god will bring > > me back Vmware GSX. > > > > Actually Virtual Server 2005 R2 is better, namely for HT > > support. Makes it > > more bearable -- but I like GSX better. Or if I can afford > it, ESX :) > > > > -----Message d'origine----- > > De : Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Envoyé : 21 décembre 2005 19:59 > > À : [ISAserver.org Discussion List] > > Objet : [isalist] RE: Fw: VMware vulnerability in NAT networking > > > > http://www.ISAserver.org > > > > When you go to Virt Server, you'll never go back... > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > > Sent: Wednesday, December 21, 2005 14:30 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Fw: VMware vulnerability in NAT networking > > > > http://www.ISAserver.org > > > > Good thing I switched to VirtPC ;) > > > > t > > > > ----- > > "I may disapprove of what you say, > > but I will defend to the death your > > right to say it." > > > > > > ----- Original Message ----- > > From: <vmware-security-alert@xxxxxxxxxx> > > To: <bugtraq@xxxxxxxxxxxxxxxxx> > > Sent: Tuesday, December 20, 2005 11:47 PM > > Subject: VMware vulnerability in NAT networking > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > VULNERABILITY SUMMARY > > > A vulnerability has been discovered in vmnat.exe on Windows > > hosts and > > > vmnet-natd on Linux systems. > > > The vulnerability makes it possible for a malicious guest > > using a NAT > > > networking > > > configuration to execute unwanted code on the host machine. > > > > > > AFFECTED SYSTEMS: > > > VMware Workstation, VMware GSX Server, VMware ACE, and > > VMware Player. > > > > > > RESOLUTION: > > > VMware believes that the vulnerability is very serious, and > > recommends > > > that > > > affected users update their products to the new releases or > > change the > > > configuration of > > > the virtual machine so it does not use NAT networking. > > > > > > The new releases are now available for download at > > www.vmware.com/download > > > > > > If you choose not to update your product but want to ensure > > that the NAT > > > service > > > is not available, you can disable it completely on VMware > > Workstation or > > > VMware > > > GSX Server by following the instructions in the Knowledge > > Base article > > > (Answer ID 2002) at > > > http://www.vmware.com/support/kb. > > > > > > VMware thanks Tim Shelton of ACS Security Assessment Engineering, > > > Affiliated > > > Computer Services, Inc., for reporting this vulnerability. > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.2 (MingW32) > > > > > > iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ > > > 8IsO2kOVTmwHSMbAGSRN1qw= > > > =nmuM > > > -----END PGP SIGNATURE----- > > > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > gauthiera@xxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: roy_tsao@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx