Fri, Sep 19 2008 17:34
VMware Releases Security Advisory VMSA-0008-0015
VMware has released a Security Advisory
indicating it has updated the ESXi and ESX 3.5 packages to address a
vulnerability in "openwsman". This vulnerability is due to several
buffer overflow conditions in the handling of HTTP basic authentication
headers. Exploitation of this vulnerability may allow a remote,
unauthenticated attacker to execute arbitrary code on the host running
ESXi or ESX.
US-CERT encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.
Filed under: Advisories / Bulletins