New VMware Security Advisory VMSA-2017-0011

This post was originally published on this site

This is a critical security advisory from VMware (VMSA)

Today, VMware has released the following new security advisory: “VMSA-2017-0011 – Horizon View Client update addresses a command injection vulnerability”. This documents an important-severity command injection vulnerability (CVE-2017-4918) in the service startup script that affects VMware Horizon View Client for Mac (versions 2.x, 3.x and 4.x). Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OS X system where the Read more [...]

New VMware Security Advisory VMSA-2017-0010 and Updated Security Advisory VMSA-2016-0024.1

On 6th of June 2017, VMware released the following new and updated security advisories: VMSA-2017-0010 – vSphere Data Protection (VDP) updates address multiple security issues. This new security advisory documents two issues. VDP contains a deserialization issue (CVE-2017-4914). Exploitation of this issue may allow a remote attacker to execute commands on the appliance. VMware would like to thank Tim Roberts, Arthur Chilipweli, and Kelly Correll from NTT Security for reporting this issue to Read more [...]

New VMware Security Advisory VMSA-2017-0009

Today VMware has released the following new security advisory: “VMSA-2017-0009 – VMware Workstation update addresses multiple security issues”. This documents an important-severity insecure library loading issue via ALSA sound driver configuration files (CVE-2017-4915) and a moderate-severity NULL pointer dereference issue (CVE-2017-4916) affecting Workstation Pro/Player. All VMware Workstation Pro/Player 12.x are affected. Successful exploitation of the insecure library loading Read more [...]

New VMware Security Advisory VMSA-2017-0008

Today VMware has released the following new security advisory: “VMSA-2017-0008 – VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities”. This documents several critical memory corruption vulnerabilities affecting VMware Unified Access Gateway (formerly called Access Point) (8.2.x), Horizon View (7.x, 6.2.x) and Workstation (12.5.x). Issue (a) is a heap-based buffer overflow vulnerability (CVE-2017-4907) which affects VMware Unified Access Read more [...]

New VMware Security Advisory VMSA-2017-0007

On Tuesday, 4th of April 2017, a remote code-execution issue in the BlazeDS library (CVE-2017-5641) was disclosed in a US-CERT security advisory. We have reviewed the issue and determined that VMware vCenter Server 6.5 and 6.0 are affected due to the use of BlazeDS to process AMF3 messages. VMware vCenter Server 5.5 is not affected. We have released the following new security advisory which documents the fixes for VMware vCenter Server 6.5 and 6.0 along with the workarounds: VMSA-2017-0007 – Read more [...]

The Security Landscape: Pwn2Own 2017

During the 2017 Pwn2Own competition at CanSecWest, two teams succeeded in demonstrating arbitrary host code execution on VMware Workstation. Today, VMware is releasing updated versions of VMware vSphere ESXi, VMware Fusion, and VMware Workstation to address these vulnerabilities. No active exploitation: VMware is not aware of any active exploitation of the vulnerabilities revealed in this competition. Though the vulnerabilities seem to apply to all VMware virtual platforms Read more [...]

VMware Workstation target at Pwn2Own 2017

The Pwn2Own competition organized by Trend Micro’s ZDI has just wrapped up in Vancouver. VMware Workstation was a target at this competition. In total, two teams managed to show that they could execute code on the VMware Workstation host from the guest. We are currently investigating these issues after having received the details from the teams directly. The issues were demonstrated on Workstation and we are investigating their impact on ESXi and Fusion. We would like to thank ZDI, Team Read more [...]

New VMware Security Advisory VMSA-2017-0005

Today VMware has released the following new security advisory: “VMSA-2017-0005 – VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability”. The advisory documents a critical-severity out-of-bounds memory access vulnerability (CVE-2017-4901). Exploitation of the issue may allow a guest to execute code on the operating system that runs Workstation or Fusion. ESXi is not affected. Please sign up to the Security-Announce mailing list to receive new and updated VMware Read more [...]

VMSA-2017-0004

Greetings from the VMware Security Response Center! By now I am sure you have all heard about the Apache Struts 2 remote code execution vulnerability identified by CVE-2017-5638 which was disclosed last week. If you haven’t, welcome! You can find the original advisory from Apache here to get yourself caught up. In response, the VMware Security Engineering, Communications, and Response group (vSECR) immediately began investigations into the vulnerability and how it may affect our products. The Read more [...]

New VMware Security Advisory VMSA-2017-0003

Today VMware has released the following new security advisory: “VMSA-2017-0003 – VMware Workstation update addresses multiple security issues”. The advisory documents an important-severity DLL loading issue (CVE-2017-4898) and two moderate-severity security issues (CVE-2017-4899 and CVE-2017-4900) in the SVGA driver of VMware Workstation Pro/Player. All versions of Workstation Pro/Player 12.x are affected. Issue (a) is a DLL hijacking issue that occurs due to the “vmware-vmx” Read more [...]