[security-alerts] FW: [SA24636] VMware ESX Server Multiple Security Updates

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> VMware ESX Server Multiple Security Updates
> 
> SECUNIA ADVISORY ID:
> SA24636
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24636/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Manipulation of data, Privilege escalation, DoS, System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> VMware ESX Server 3.x
> http://secunia.com/product/10757/
> VMware ESX Server 2.x
> http://secunia.com/product/2125/
> 
> DESCRIPTION:
> VMware has issued an update for VMware ESX Server. This fixes some
> vulnerabilities, which can be exploited by malicious, local users to
> gain escalated privileges, and by malicious people to overwrite
> arbitrary files, cause a DoS (Denial of Service) and potentially
> compromise a vulnerable system.
> 
> For more information:
> SA21890
> SA21996
> SA23115
> 
> Additionally, VMware ESX Server was updated to protect against a
> guest kernel memory corruption, which could cause a DoS and an error
> within 64bit syscall instruction handling. This, in turn, could cause
> a panic in 64bit virtual machines.
> 
> SOLUTION:
> Apply patches. Please see vendor advisory for details.
> 
> ORIGINAL ADVISORY:
> http://kb.vmware.com/kb/5031800
> http://kb.vmware.com/kb/5885387
> http://kb.vmware.com/kb/6856573
> http://kb.vmware.com/kb/3003211
> http://kb.vmware.com/kb/3194055
> http://kb.vmware.com/kb/3496682
> 
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/
> 053268.html
> 
> OTHER REFERENCES:
> SA21890:
> http://secunia.com/advisories/21890/
> 
> SA21996:
> http://secunia.com/advisories/21996/
> 
> SA23115:
> http://secunia.com/advisories/23115/
> 
>