Fri, Sep 19 2008 17:34 Don

VMware Releases Security Advisory VMSA-0008-0015

VMware has released a Security Advisory indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in "openwsman". This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#vmware_releases_security_advisory_vmsa

Filed under: