VMware ESX / ESXi Server Multiple Vulnerabilities

Report ID: SA31713
Source: Secunia
Date of Discovery: 01.09.2008
Criticality: Low
Affects:
VMware ESX Server 3.x
VMware ESXi 3.x

Compromise From: From remote
Compromise Type: DoS

Summary

VMware has acknowledged a weakness and a vulnerability in VMware ESX Server, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).

Detailed Description

1) An error in libpng can be exploited by malicious people to cause a DoS.

For more information:
SA27093

2) The VMware Consolidated Backup (VCB) command-line utilities pass the password as a command-line argument when invoking other programs. This can be exploited to disclose the password via e.g. the "ps" command.

Successful exploitation requires access to the service console.

This vulnerability does not affect VMware ESXi 3.5.
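The weakness in item 2 can be checked from the defender's side with the following added example, which is not code from the advisory or from VMware. It starts a stand-in child process once with the secret in its argument list and once with the secret sent over stdin, then reads the child's argument list the way "ps" does. The child program, the `--password` flag and the sample secret are constructed for illustration, and a Linux `/proc` filesystem is assumed.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "Constructed-Passw0rd"  # constructed sample value, not a real credential

# Stand-in for the program a backup utility would invoke (hypothetical).
# It blocks on stdin so it stays alive while its process entry is inspected.
CHILD = "import sys; sys.stdin.readline()"


def visible_cmdline(pid):
    """Return the argument list of pid as exposed in /proc (what `ps` prints)."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return raw.rstrip(b"\0").decode(errors="replace").split("\0")


def secret_exposed(pass_in_argv):
    """Start the child and report whether SECRET shows up in its process entry."""
    argv = [sys.executable, "-c", CHILD]
    if pass_in_argv:
        # Weak pattern from the advisory: the password becomes part of argv.
        argv += ["--password", SECRET]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, text=True)
    try:
        return any(SECRET in arg for arg in visible_cmdline(proc.pid))
    finally:
        # Corrected pattern: the password travels over the pipe, never in argv.
        proc.communicate("\n" if pass_in_argv else SECRET + "\n")


if __name__ == "__main__":
    print("password in argv  -> exposed:", secret_exposed(True))
    print("password on stdin -> exposed:", secret_exposed(False))
```

The same check can be pointed at a patched utility's child processes to confirm that the password no longer appears in the process listing.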

Solution

Apply patches if available. See vendor advisory for details.

Original Reference

-

CVE Reference

CVE-2007-5269
CVE-2008-2101