lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051221074748.3618.qmail@securityfocus.com>
Date: 21 Dec 2005 07:47:48 -0000
From: vmware-security-alert@...are.com
To: bugtraq@...urityfocus.com
Subject: VMware vulnerability in NAT networking


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VULNERABILITY SUMMARY
A vulnerability has been discovered in vmnat.exe on Windows hosts and
vmnet-natd on Linux systems. 
The vulnerability makes it possible for a malicious guest using a NAT networking
configuration to execute unwanted code on the host machine. 

AFFECTED SYSTEMS:
VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player.

RESOLUTION:
VMware believes that the vulnerability is very serious, and recommends that
affected users update their products to the new releases or change the configuration of 
the virtual machine so it does not use NAT networking. 

The new releases are now available for download at www.vmware.com/download

If you choose not to update your product but want to ensure that the NAT service
is not available, you can disable it completely on VMware Workstation or VMware
GSX Server by following the instructions in the Knowledge Base article (Answer ID 2002) at
http://www.vmware.com/support/kb.

VMware thanks Tim Shelton of ACS Security Assessment Engineering, Affiliated
Computer Services, Inc., for reporting this vulnerability. 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ
8IsO2kOVTmwHSMbAGSRN1qw=
=nmuM
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ