VMWare update lances virtual bugs
Print storySamba and Python bugs wiggle into virtualisation software
Posted in Enterprise Security, 22nd February 2008 12:01 GMT
VMware has updated ESX Server to defend against multiple holes in its virtualisation software.
A flaw involving the aacraid SCSI driver might be abused by malicious local users to bypass security restrictions or crash vulnerable systems. The security bug affects both VMware ESX Server 2.x and 3.x versions of the software.
Vulnerable systems could also be compromised by remote hackers with a separate flaw in the service console packages supported by ESX Server.
A stack buffer overflow flaw in the way Samba authenticates remote users and an integer overflow involving the way Python's Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions both allow hackers to inject code into vulnerable systems, as explained in an advisory by VMWare published on Thursday here.
Discovery of the flaws is credited to Adaptec, security notification firm Secunia, and Google. Secunia has published an overview of the bugs here.
The increased use of virtualisation in corporate data centres and elsewhere has raised the profile of the technology. Security handlers at the SANS Institute's Internet Storm Centre described how the technology is showing signs of becoming a battleground between security researchers and crackers, as well as outlining a possible response, in an article published last September here. ®
Free whitepaper - The Botnet Threat: Targeting your Business
Extended Validation SSL Certificates
Enforce Your Email and Web Acceptable Usage Policies
Effectively Securing Small Businesses from Online Threats
Server-Gated Cryptography
Netbooks and Mini-Laptops
How the fate of the US economy rests on a Dell workstation
How many terabytes can you fit on a 2.5-inch hard drive?
China's nonstop music machine