It's all in your head... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Wednesday, December 21, 2005 16:49 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Fw: VMware vulnerability in NAT networking http://www.ISAserver.org But if it is virtual, does it actually exist? John T eServices For You > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Wednesday, December 21, 2005 2:29 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Fw: VMware vulnerability in NAT networking > > http://www.ISAserver.org > > Good thing I switched to VirtPC ;) > > t > > ----- > "I may disapprove of what you say, > but I will defend to the death your > right to say it." > > > ----- Original Message ----- > From: <vmware-security-alert@xxxxxxxxxx> > To: <bugtraq@xxxxxxxxxxxxxxxxx> > Sent: Tuesday, December 20, 2005 11:47 PM > Subject: VMware vulnerability in NAT networking > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > VULNERABILITY SUMMARY > > A vulnerability has been discovered in vmnat.exe on Windows hosts > > and vmnet-natd on Linux systems. > > The vulnerability makes it possible for a malicious guest using a > > NAT networking configuration to execute unwanted code on the host > > machine. > > > > AFFECTED SYSTEMS: > > VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player. > > > > RESOLUTION: > > VMware believes that the vulnerability is very serious, and > > recommends that affected users update their products to the new > > releases or change the configuration of the virtual machine so it > > does not use NAT networking. > > > > The new releases are now available for download at www.vmware.com/download > > > > If you choose not to update your product but want to ensure that the > > NAT service is not available, you can disable it completely on > > VMware Workstation or VMware GSX Server by following the > > instructions in the Knowledge Base article (Answer ID 2002) at > > http://www.vmware.com/support/kb. > > > > VMware thanks Tim Shelton of ACS Security Assessment Engineering, > > Affiliated Computer Services, Inc., for reporting this > > vulnerability. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.2 (MingW32) > > > > iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ > > 8IsO2kOVTmwHSMbAGSRN1qw= > > =nmuM > > -----END PGP SIGNATURE----- > > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.