The Register® — Biting the hand that feeds IT

VMware patches remote execution vulns

Closing openwsman

Free whitepaper – Optimizing the data center for cost and efficiency

VMware has fixed critical security bugs in two of its virtualization products that could allow a remote attacker to remotely install malware on a host machine.

The patches, which apply to ESXi and ESX 3.5, fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system, VMware warns here.

VMware went on to say the bug can only be exploited if the attacker has access to the service console network. That isn't something VMware advises, but it's a fair bet that some people do it anyway.

The bug has been designated CVE-2008-2234 by the Common Vulnerabilities and Exposures Project. ®

Free whitepaper – Thermal design of Dell PowerEdge server

Webcast: Jumpstart your Application Security initiatives