Skip to content

Whitepapers
| The Channel

VMware patches remote execution vulns

Closing openwsman

By Dan Goodin, 19th September 2008

Cloud based data management

VMware has fixed critical security bugs in two of its virtualization products that could allow a remote attacker to remotely install malware on a host machine.

The patches, which apply to ESXi and ESX 3.5, fix two buffer overflow bugs that reside in a component known as openwsman. It provides web services management functionality and is enabled by default. The vulnerabilities could be exploited by people without login credentials to the system, VMware warns here.

VMware went on to say the bug can only be exploited if the attacker has access to the service console network. That isn't something VMware advises, but it's a fair bet that some people do it anyway.

The bug has been designated CVE-2008-2234 by the Common Vulnerabilities and Exposures Project. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

COMMENTS

House Rules Send Corrections

Whitepapers

IT infrastructure monitoring strategies

Secure support mobile device access to sensitive corporate IT resources with confidence.

What you need to know about cloud backup

This resource answers the common questions enterprises have about cloud backup and recovery including its security, affordability, and flexibility.

Agentless Backup is Not a Myth

Read this white paper to learn about the seven benefits agentless backup and recovery software delivers to complex enterprise environments.

Top 10 SIEM Implementer’s Checklist

An automated discovery driven approach that shortens your path to comprehensive monitoring and prevents security blind spots.

Steps to Take Before Choosing a Business Continuity Partner

This Aberdeen Analyst report details the necessities in creating business continuity plans and if there’s the need to outsource part/all of the process.

Search more Resources

More from The Register

breaking news

Number of cops abusing Police National Computer access on the rise

Only a telegram from the Queen can get you off it

breaking news

NSA PRISM snoop-gate: Won't someone think of the children, wails Apple

10,000 things probed, mostly about missing kids, Alzheimer patients, we're told

Flash flaw potentially makes every webcam or laptop a PEEPHOLE

But it's a Google problem - Chrome only, insists Adobe

Most read

Spotlight

Obama-Chinese premier summit achieves little on cyber-security

My bleak tech reality: You can't trust anyone or anything, anymore

The X-47B Unmanned Combat Air System at its rollout ceremony

UN to call for 'pre-emptive' ban on soulless robot bomber assassins

Security Twitteratti: Twitter's 2FA does sweet FA for biz

Sponsored links

The Channel