Report of two new vulnerabilities in VMware
According to a report published on the official VMware website (VMware Virtualization Software for Desktops, Servers & Virtual Machines for Public and Private Cloud Solutions), two vulnerabilities exist in versions of VMware ESX Server and VMware ESXi. You can remediate these security risks by installing the relevant patch.
Further details on these vulnerabilities:
VMware ESX Server Multiple Vulnerabilities
VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability
Quote:
Description
Derek Soeder has reported a vulnerability in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
The vulnerability is caused due to an error when handling certain backdoor I/O instructions and can be exploited to modify virtual DOS machine Read-Only Memory via a specially crafted request sent to the high-bandwidth backdoor port (0x5659).
The vulnerability is reported in ESX Server and ESXi versions 4.1, 4.0, and 3.5 running Windows XP 32-bit, Windows Server 2003 32-bit, and Windows Server 2003 R2 32-bit.
Solution
Apply patches.
Further details available in Customer Area
Provided and/or discovered by
Derek Soeder, Ridgeway Internet Security.
Changelog
Further details available in Customer Area
Original Advisory
VMware:
VMSA-2012-0006
Derek Soeder:
NEOHAPSIS - Peace of Mind Through Integrity and Insight
For more information, please refer to the links below:
VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability - Secunia.com
VMware ESX Server Multiple Vulnerabilities - Secunia.com
---------