Feeds

VMWare update lances virtual bugs

Samba and Python bugs wiggle into virtualisation software

SANS - Survey on application security programs

VMware has updated ESX Server to defend against multiple holes in its virtualisation software.

A flaw involving the aacraid SCSI driver might be abused by malicious local users to bypass security restrictions or crash vulnerable systems. The security bug affects both VMware ESX Server 2.x and 3.x versions of the software.

Vulnerable systems could also be compromised by remote hackers with a separate flaw in the service console packages supported by ESX Server.

A stack buffer overflow flaw in the way Samba authenticates remote users and an integer overflow involving the way Python's Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions both allow hackers to inject code into vulnerable systems, as explained in an advisory by VMWare published on Thursday here.

Discovery of the flaws is credited to Adaptec, security notification firm Secunia, and Google. Secunia has published an overview of the bugs here.

The increased use of virtualisation in corporate data centres and elsewhere has raised the profile of the technology. Security handlers at the SANS Institute's Internet Storm Centre described how the technology is showing signs of becoming a battleground between security researchers and crackers, as well as outlining a possible response, in an article published last September here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.