Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

VMware vulnerability in NAT networking

from [vmware-security-alert] Network Security [Permanent Link]
Subject: VMware vulnerability in NAT networking
Date: 21 Dec 2005 07:47:48 -0000 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VULNERABILITY SUMMARY
A vulnerability has been discovered in vmnat.exe on Windows hosts and
vmnet-natd on Linux systems. 
The vulnerability makes it possible for a malicious guest using a NAT networking
configuration to execute unwanted code on the host machine. 

AFFECTED SYSTEMS:
VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player.

RESOLUTION:
VMware believes that the vulnerability is very serious, and recommends that
affected users update their products to the new releases or change the 
configuration of 
the virtual machine so it does not use NAT networking. 

The new releases are now available for download at www.vmware.com/download

If you choose not to update your product but want to ensure that the NAT service
is not available, you can disable it completely on VMware Workstation or VMware
GSX Server by following the instructions in the Knowledge Base article (Answer 
ID 2002) at
http://www.vmware.com/support/kb.

VMware thanks Tim Shelton of ACS Security Assessment Engineering, Affiliated
Computer Services, Inc., for reporting this vulnerability. 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ
8IsO2kOVTmwHSMbAGSRN1qw=
=nmuM
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • VMware vulnerability in NAT networking, vmware-security-alert <=
Previous by Date:  WinRAR - Processing Filename Incorrectly Vulnerability, agoanywhere
Next by Date:  XSS vulnerabilities in Google.com, Watchfire Research
Previous by Thread:  WinRAR - Processing Filename Incorrectly Vulnerability, agoanywhere
Next by Thread:  XSS vulnerabilities in Google.com, Watchfire Research
Indexes:  [Date] [Thread] [Top] [All Lists]