VMware reports 3 security flaws that deserve your urgent attention

March 29, 2017

We noted this morning that VMware has reported no fewer than three security flaws that deserve system administrators' immediate attention.

The three are lumped under bulletin VMSA-2017-0006, but there are actually four CVEs to consider. This is critical.

The first security flaw is a heap buffer overflow and uninitialized stack memory usage in SVGA that impacts VMware's ESXi, Workstation and Fusion products, the company tells its users.

“Those security issues may allow a guest to execute code on the host,” VMware tells users.

CVE-2017-4902 covers the heap issue and CVE-2017-4903 covers the stack issue.

Various patches are available for ESXi and there are new versions of the Workstation and Fusion desktop hypervisors that sort things out as well.

Security hole number two affects the three products' XHCI controller, which suffers from uninitialized memory usage.

“That issue may allow a guest to execute code on the host,” VMware warns. “The issue is reduced to a Denial of Service of the guest on ESXi 5.5.” This one's CVE-2017-4904 and again has security patches available.

The issues discussed above are rated very critical. The third, CVE-2017-4905, is rated only “moderate” because it can lead only to an information leak.

Uninitialized memory usage is again the main culprit, with fixes available for ESXi 5.5 through 6.5. Fusion and Workstation users just need to update their software.

It's also important to note that VMware tips its hat to security research teams at Chinese companies Tencent and Qihoo for finding some of the security holes, perhaps a sign that VMware is attracting lots of attention in China as of late.

We must also give credit to Tipping Point's Zero Day Initiative since it gets a nod of thanks as well. We'll keep you in the loop.

Source: VMware.
