A VMware em conjunto com a Tripwire desenvolverão uma ferramenta gratuita para verificar a as configurações buscando por falhas que podem comprometer a segurança do ambiente.
OPERATING SYSTEM: VMware ESX Server 3.x VMware ESX Server 2.x VMware Workstation 5.x VMware Server 1.x VMware Player 1.x VMware ACE 1.x VMware VIX API 1.x
DESCRIPTION: Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.
1) An error exists in the "HGFS.sys" driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine.
2) An error in "vmware-authd" can be exploited to gain escalated privileges on a Linux host machine.
Um comentário:
Fala Wagner !
Certamente isso é para minimizar e detectar rapidamente problemas de segurança do tipo:
http://www.secuobs.com/secumail/snsecumail/msg10864.shtml
http://secunia.com/advisories/26890/
VMware Products Multiple Vulnerabilities
CRITICAL:
Less critical
IMPACT:
Security Bypass, Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
VMware ESX Server 3.x
VMware ESX Server 2.x
VMware Workstation 5.x
VMware Server 1.x
VMware Player 1.x
VMware ACE 1.x
VMware VIX API 1.x
DESCRIPTION:
Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.
1) An error exists in the "HGFS.sys" driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine.
2) An error in "vmware-authd" can be exploited to gain escalated privileges on a Linux host machine.
Abraços !
Postar um comentário