VMware Fixes Vulnerabilities -- Redmond Channel Partner

VMware Fixes Vulnerabilities

By Joab Jackson
March 18, 2008

VMware has issued patches that will eliminate the vulnerabilities found last month, according to an announcement the company posted on some security news mailing lists today.

The vulnerability allowed users of some VMware products to escape virtualized environments and enter the host systems with full privileges.

To patch the hole, the company has updated:

VMware Workstation version 5 and version 6
VMware Player
VMware Server
VMware ACE and
VMware Fusion.

The vulnerability, called a path traversal, involves the manipulation of VMware shared folders that are used to transfer data between the guest virtualized system and the host system. A user in a virtual environment could type in a path name that would provide entry into the host system, with full read and write privileges.

The vulnerability does not affect ESX Server or Linux versions of the VMware software.

The patches cover CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363 and CVE-2008-1340, as categorized by the Common Vulnerabilities and Exposures project.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft to Shut Down Skype Services

Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.
Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft officially announced this week that it is discontinuing its HoloLens mixed reality hardware, marking the end of its efforts in the space.
Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

On Monday, Microsoft released the last major update for Exchange Server 2019. The aging Exchange Server is set to lose support on Oct. 14, 2025.
Windows 11 Installation Streamlined for New Devices

Microsoft is introducing new policy changes that will give IT administrators greater control over Windows 11 updates during the initial setup of new devices.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

VMware Fixes Vulnerabilities

Featured

Microsoft to Shut Down Skype Services

Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

Windows 11 Installation Streamlined for New Devices

Microsoft to Shut Down Skype Services

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils 2025 Roadmap for Dynamics 365, Copilot and Power Platform

The Ingredients of Recurring Partner Revenue: Volume and Customer Satisfaction

CompTIA's Channel Arm Becomes the GTIA

Microsoft to Shut Down Skype Services

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils 2025 Roadmap for Dynamics 365, Copilot and Power Platform

The Ingredients of Recurring Partner Revenue: Volume and Customer Satisfaction

CompTIA's Channel Arm Becomes the GTIA

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | What Keeps MSPs Up at Night? Addressing Key Risks and Building Resilience

Unlocking a New Era of Tax Automation within Microsoft Dynamics 365: Introducing Vertex's API-Based Tax Integration

Unlocking Revenue Growth with Vertex and Microsoft: A Winning Partnership

Microsoft Ignite 2024: Top Announcements and Takeaways

FREE WHITE PAPERS FROM OUR SPONSORS

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry

Data Analytics Drive Supply Chain Optimization

Digital Transformation: The Case for Moving Tax to the Cloud