Credit:
The information has been provided by VMware Security Team.
Vulnerable Systems:
* VMware ESX version 4.0
The udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
Service Console package for sudo has been updated to version sudo-1.6.9p17-3. This fixes the following issue: Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command.
Service Console package for curl has been updated to version curl-7.15.5-2.1. This fixes the following issue: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.
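As an added example (not part of the VMware advisory), the following check compares installed Service Console package versions against the fixed sudo and curl packages named above, using a simplified rpm-style version comparison; the `rpm -qa` output it reads is constructed for the example, and the fixed versions are the package version-release strings from this advisory, not upstream version numbers.

```python
import re

# Fixed Service Console packages (version-release) as named in the advisory.
FIXED = {
    "sudo": "1.6.9p17-3",
    "curl": "7.15.5-2.1",
}

# Constructed sample of `rpm -qa` output (NAME-VERSION-RELEASE per line).
SAMPLE_RPM_QA = """\
sudo-1.6.9p17-2
curl-7.15.5-2.1
curl-devel-7.15.5-2.1
"""

def _segments(s):
    # rpm splits on runs of digits and runs of letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare as integers, alpha segments as
    strings, a numeric segment beats an alpha one, and the string with segments left
    over is newer. Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0

def compare_vr(installed, fixed):
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def vulnerable_packages(rpm_qa_lines, fixed=FIXED):
    """Return {name: installed version-release} for packages older than the fix."""
    found = {}
    for line in rpm_qa_lines:
        parts = line.strip().rsplit("-", 2)   # name may itself contain hyphens
        if len(parts) != 3 or parts[0] not in fixed:
            continue
        name, version, release = parts
        if compare_vr(f"{version}-{release}", fixed[name]) < 0:
            found[name] = f"{version}-{release}"
    return found

if __name__ == "__main__":
    print(vulnerable_packages(SAMPLE_RPM_QA.splitlines()))
```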
Patch Availability:
VMware has released the following patches:
http://kb.vmware.com/kb/101178
http://kb.vmware.com/kb/1011781
http://kb.vmware.com/kb/1011782
CVE Information:
CVE-2009-1185, CVE-2009-0034 and CVE-2009-0037