Article
Search:
RSS
VMware VirtualCenter Security Issue Exposed

Secunia has reported that Brett Moore of Insomnia Security found a security issue in VMware VirtualCenter.

A security issue has been reported in VMware VirtualCenter, which can be exploited by malicious users to disclose certain system information.

The security issue is caused due to the VirtualCenter backend service not correctly checking permissions when performing certain actions. This can be exploited to e.g. disclose user names of system accounts.

The security issue is reported in version 2.0.2 prior Update 5 and 2.5 prior Update 2. Other versions may also be affected.

Solution:
Update to a fixed version.

VMware VirtualCenter 2.5:
Update to VirtualCenter 2.5 Update 2.
http://www.vmware.com/download/download.do?downloadGroup=VC250U2

VMware VirtualCenter 2.0.2:
Update to VirtualCenter 2.0.2 Update 5
http://www.vmware.com/downloads/download.do?downloadGroup=VC202U5

Published Thursday, August 14, 2008 6:28 AM by David Marshall
Filed under:
Share this post: del.ici.ousDel.ici.ous Digg ThisDigg Newsvine ThisNewsvine Reddit ThisReddit Slashdot It!Slashdot TechnoratiTechnorati
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<August 2008>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
31123456
Tags
Archives
Links
Events
Platform Technology
Virtualization Books
Virtualization Sites