
VMware Security Advisories VMSA-2016-0005 - SANS Internet Storm Center



VMware published a security advisory today covering the following CVEs:

  • CVE-2016-3427 (Critical): JMX issue when deserializing authentication credentials. This vulnerability allows commands to be executed on the RMI server of Oracle JRE JMX without proper authentication. It can be exploited both remotely and locally.
  • CVE-2016-2077 (Important): VMware Workstation and Player for Windows host privilege escalation vulnerability. It is a local vulnerability.

Not all products are affected, and not every affected product has a patch yet. Where no patch is available, there is a workaround. Check https://www.vmware.com/security/advisories/VMSA-2016-0005.html for more information about your product.

We have not noticed exploits in the wild so far. If you notice one, please let us know using our contact form.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
