Monday, October 06, 2008 4:37 PM cmosby

VMware VirtualCenter Multiple Vulnerabilities - Secunia

VMware VirtualCenter Multiple Vulnerabilities
Secunia Advisory: SA32179 Release Date: 2008-10-06 Popularity: 238 views
Critical:
Highly critical Impact: Security Bypass
Exposure of system information
Exposure of sensitive information
DoS
System access
Where: From remote Solution Status: Partial Fix
Software:VMware VirtualCenter 2.x

Subscribe: Instant alerts on relevant vulnerabilities
CVE reference:CVE-2008-3103
CVE-2008-3104
CVE-2008-3105
CVE-2008-3106
CVE-2008-3107
CVE-2008-3108
CVE-2008-3109
CVE-2008-3110
CVE-2008-3111
CVE-2008-3112
CVE-2008-3113
CVE-2008-3114
CVE-2008-3115
CVE-2008-4278


Description:
VMware has acknowledged a weakness and some vulnerabilities in VMware VirtualCenter, which can be exploited by malicious, local users to disclose sensitive information, and by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

1) The problem is that the Virtual Infrastructure Client displays the VirtualCenter Server password in cleartext when logging in, if the password contains certain unspecified special characters.

NOTE: The weakness affects only VirtualCenter 2.5.

2) Several vulnerabilities in Sun Java JDK / JRE can be exploited to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

For more information:
SA31010

Solution:
VirtualCenter 2.5:
Update to version 2.5 update 3 build 119838.
www.vmware.com/download/download.do

VirtualCenter 2.0.2:
Reportedly, an updated version is pending release.

Provided and/or discovered by:
1) The vendor credits Mark Woollatt.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Other References:
SA31010:
http://secunia.com/advisories/31010/ Filed under: , , , ,

Comments

No Comments