Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

ESX Security Vulnerabilities

Within the last few days, VMware has acknowledged a number of security vulnerabilities in its flagship ESX Server product. At least two of these vulnerabilities were discovered during an internal security audit of the code, but it’s unclear how many of the rest were discovered internally and how many were discovered externally and reported to VMware. There has been no indication that publicly available exploits exist for any of these vulnerabilities.

In fact, in two of the vulnerabilities disclosed by VMware, the attack vectors are currently listed as “unknown.”

For more information, refer to one of the following links:

Secunia - VMware ESX Server Multiple Vulnerabilities

SecurityTracker - VMware ESX Server Double Free Error May Let Remote Users Execute Arbitrary Code

VMware - ESX Server 3.0.1, Patch Bundle ESX-6431040: Security Fix For Buffer Overflow Issue

Installing the patches does require that all VMs on the host being patched be powered off or moved to another host using VMotion, but a reboot of the physical host is not required.
