| JP Vossen on 18 Sep 2017 08:03:04 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| [PLUG] VMware Patches Bug That Allows Guest to Execute Code on Host |
https://threatpost.com/vmware-patches-bug-that-allows-guest-to-execute-code-on-host/127990/ VMware Patches Bug That Allows Guest to Execute Code on Host by Chris Brook September 15, 2017 , 11:51 am ...The most serious issue, an out-of-bounds write vulnerability, exists in ESXi, and desktop hypervisors Workstation, and Fusion. An attacker could exploit the issue, which exists in a SVGA device, to execute code on the host, according to a VMware security advisory posted early Friday.
The issue, CVE-2017-4924, discovered by researchers Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG, affects version 6.5 of ESXi but not versions 6.0 and 5.5. It also affects version 12.x of Workstation and version 8.x of Fusion. As the bug could allow code execution it’s marked as critical by VMware.
... (And 2 other bugs, read the article...) Later, JP -- ------------------------------------------------------------------- JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/ ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug