Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - VMWare Security Advisory VMSA-2011-0001 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

VMWare Security Advisory VMSA-2011-0001

Published: 2011-01-05
Last Updated: 2011-01-05 12:39:50 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

VMWare today released Security Advisory VMSA-2011-0001 [1] as well as updated two of last years security advisories [2],[3]

The update patches glibc, sudo and openldap that are used as part of VMWare ESX. The vulnerabilities could be used to escalate privileges if a user has access to the VMWare console or launch a denial of service attack.

Component CVE Number CVSS Base Score Access
glibc CVE-2010-3847 (not yet released)   - -
  CVE-2010-3856 (not yet released)   - -
sudo CVE-2010-2956  6.2 Medium local
openldap CVE-2010-0211  5.0 Medium network
  CVE-2010-0212 5.0 Medium network

 

[1] http://www.vmware.com/security/advisories/VMSA-2011-0001.html
[2] http://www.vmware.com/security/advisories/VMSA-2010-0017.html
[3] http://www.vmware.com/security/advisories/VMSA-2010-0016.html

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: vmware
0 comment(s)
Diary Archives