VMWare update lances virtual bugs
PrintSamba and Python bugs wiggle into virtualisation software
Posted in Software & Security, 22nd February 2008 12:01 GMT
Free whitepaper – What Exchange can't do - and Dell can
VMware has updated ESX Server to defend against multiple holes in its virtualisation software.
A flaw involving the aacraid SCSI driver might be abused by malicious local users to bypass security restrictions or crash vulnerable systems. The security bug affects both VMware ESX Server 2.x and 3.x versions of the software.
Vulnerable systems could also be compromised by remote hackers with a separate flaw in the service console packages supported by ESX Server.
A stack buffer overflow flaw in the way Samba authenticates remote users and an integer overflow involving the way Python's Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions both allow hackers to inject code into vulnerable systems, as explained in an advisory by VMWare published on Thursday here.
Discovery of the flaws is credited to Adaptec, security notification firm Secunia, and Google. Secunia has published an overview of the bugs here.
The increased use of virtualisation in corporate data centres and elsewhere has raised the profile of the technology. Security handlers at the SANS Institute's Internet Storm Centre described how the technology is showing signs of becoming a battleground between security researchers and crackers, as well as outlining a possible response, in an article published last September here. ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
Straight Talk with Dell: Sending out an SaaS
Seven ways to optimize VMware server virtualization
Automating the Acquisition Process with Enterprise Level CRM
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs