New VMware Security Advisory VMSA-2017-0015

This post was originally published on this site

This is a critical security advisory from VMware (VMSA)

Today VMware has released the following new security advisory: “VMSA-2017-0015 – VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities”. This documents the remediation of a critical severity issue (CVE-2017-4924) and two moderate severity issues (CVE-2017-4925 and CVE-2017-4926). These issues affect VMware ESXi, VMware Workstation, VMware Fusion and VMware vCenter Server. Issue (a) CVE-2017-4924 is an out-of-bounds write vulnerability [...]

VMware Security Response Center @ VMworld 2017

For those visiting VMworld, come and meet VMware Trust and Assurance (which includes VMware Security Response Center) in Las Vegas next week or in Barcelona three weeks from now. Bring your questions and concerns on security issues in our products and services, and how we address these. We would also like to have feedback on the VMware Security Advisories and our patch policies. How to find us? We are accepting 1:1 meetings at VMworld. If you would like to schedule a meeting [...]

New VMware Security Advisory VMSA-2017-0014

Today, VMware has released the following new security advisory: “VMSA-2017-0014 – VMware NSX-V Edge updates address OSPF Protocol LSA DoS”. The advisory documents a hard-to-exploit denial of service vulnerability in the implementation of the OSPF protocol in NSX-V Edge. This issue is present due to incorrect handling of link-state advertisements (LSA). NSX-V Edge 6.2.8 and NSX-V Edge 6.3.3 address the issue. We would like to thank Adi Sosnovich, Orna Grumberg and Gabi Nakibly for reporting this [...]

New VMware Security Advisory VMSA-2017-0013

Today VMware has released the following new security advisory: “VMSA-2017-0013 – VMware vCenter Server and Tools updates resolve multiple security vulnerabilities”. This documents an insecure library loading issue (CVE-2017-4921) and two information disclosure issues (CVE-2017-4922 and CVE-2017-4923) affecting VMware vCenter 6.5 release line. These issues are of moderate severity. This also documents a moderate severity local privilege escalation issue (CVE-2015-5191) affecting VMware [...]

Guest Access: BlackHat 2017

The Black Hat USA 2017 conference includes a talk by Ofri Ziv of Guardicore Labs about using the VIX API to obtain privileged access to a guest operating system with unexpectedly low VIM API permissions. VMSA-2017-0012 contains details of impacted versions and workarounds. The Common Vulnerabilities and Exposures project has assigned CVE-2017-4919 for this issue, with thanks to Ofri Ziv and Itamar Tal of Guardicore for discovering and reporting it. Permissions Understanding the privilege [...]

New VMware Security Advisory VMSA-2017-0011

Today, VMware has released the following new security advisory: “VMSA-2017-0011 – Horizon View Client update addresses a command injection vulnerability”. This documents an important severity command injection vulnerability (CVE-2017-4918) in the service startup script that affects VMware Horizon View Client for Mac (versions 2.x, 3.x and 4.x). Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OS X system where the [...]

New VMware Security Advisory VMSA-2017-0010 and Updated Security Advisory VMSA-2016-0024.1

On 6th of June 2017, VMware released the following new and updated security advisories: VMSA-2017-0010 – vSphere Data Protection (VDP) updates address multiple security issues. This new security advisory documents two issues. VDP contains a deserialization issue (CVE-2017-4914). Exploitation of this issue may allow a remote attacker to execute commands on the appliance. VMware would like to thank Tim Roberts, Arthur Chilipweli, and Kelly Correll from NTT Security for reporting this issue to [...]

New VMware Security Advisory VMSA-2017-0009

Today VMware has released the following new security advisory: “VMSA-2017-0009 – VMware Workstation update addresses multiple security issues”. This documents an important severity insecure library loading issue via ALSA sound driver configuration files (CVE-2017-4915) and a moderate severity NULL pointer dereference issue (CVE-2017-4916) affecting Workstation Pro/Player. All VMware Workstation Pro/Player 12.x are affected. Successful exploitation of the insecure library loading [...]

New VMware Security Advisory VMSA-2017-0008

Today VMware has released the following new security advisory: “VMSA-2017-0008 – VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities”. This documents several critical memory corruption vulnerabilities affecting VMware Unified Access Gateway (formerly called Access Point) (8.2.x), Horizon View (7.x, 6.2.x) and Workstation (12.5.x). Issue (a) is a heap-based buffer overflow vulnerability (CVE-2017-4907) which affects VMware Unified Access [...]

New VMware Security Advisory VMSA-2017-0007

On Tuesday, 4th of April 2017 a remote code-execution issue in the BlazeDS library (CVE-2017-5641) was disclosed in a US-CERT security advisory. We have reviewed the issue and determined that VMware vCenter Server 6.5 and 6.0 are affected due to the use of BlazeDS to process AMF3 messages. VMware vCenter Server 5.5 is not affected. We have released the following new security advisory which documents the fixes for VMware vCenter Server 6.5 and 6.0 along with the workarounds: VMSA-2017-0007 – [...]