|
VMware ESX Server Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA21230
|
|
|
Release Date:
|
2006-08-01
|
|
Last Update:
|
2006-08-25
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Hijacking
Cross Site Scripting
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | VMware ESX Server 2.x
|
|
| | CVE reference: | CVE-2005-3618 (Secunia mirror)
CVE-2005-3620 (Secunia mirror)
CVE-2006-2481 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Corsaire has reported some vulnerabilities in VMware ESX Server, which can be exploited to gain knowledge of potentially sensitive information or conduct cross-site request forgery attacks.
1) When changing passwords using the management interface, the GET request containing the password in clear text is logged to a world-readable file.
2) The management interface uses a proprietary session ID format containing authentication credentials encoded in base64. If malicious people get hold of the session cookies, it's possible to gain knowledge of the user account and password.
3) The management interface allows users to perform certain actions via HTTP GET requests without performing any validity checks to verify the user's request. This can be exploited to change a user's password when user visits a malicious web site while logged in.
Solution:
According to the researchers, the vulnerabilities have been fixed in version 2.5.3 Upgrade Patch 2, 2.1.3 Upgrade Patch 1, and 2.0.2 Upgrade Patch 1.
Provided and/or discovered by:
Stephen de Vries og Martin O'Neal, Corsaire.
Changelog:
2006-08-25: Added link to US-CERT.
Original Advisory:
http://www.corsaire.com/advisories/c060512-001.txt
http://www.corsaire.com/advisories/c051114-001.txt
http://www.corsaire.com/advisories/c051114-003.txt
Other References:
US-CERT VU#822476:
http://www.kb.cert.org/vuls/id/822476
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
19 Related Secunia Security Advisories, displaying 10
|
|
|
1. VMware ESX Server update for Samba and vmnix
|
|
2. VMware Products Multiple Vulnerabilities
|
|
3. VMware ESX Server Multiple Security Updates
|
|
4. VMware ESX Server update for libxml2
|
|
5. VMware ESX Server update for e2fsprogs
|
|
6. VMware ESX Server Multiple Updates
|
|
7. VMware ESX Server Multiple Security Updates
|
|
8. VMware ESX Server Multiple Security Updates
|
|
9. VMWare Products Multiple Vulnerabilities
|
|
10. VMware Products Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
