[VIM] VMware vendor advisory page

security curmudgeon jericho at attrition.org
Thu Dec 29 01:04:45 EST 2005

: Cool, I did not know that...
: http://www.vmware.com/support/kb/enduser/std_alp.php?p_search_text=alertz&p_sort_by=faqs.faq_id%3AD

I hit this very recently actually. Ended up with 3 OSVDB entries I could 
not get dates for. Mail to VMWare was not answered either.


From: security curmudgeon <jericho at attrition.org>
To: Mods <moderators at osvdb.org>
Date: Fri, 9 Dec 2005 04:15:10 -0500 (EST)
Subject: Re: [OSVDB Mods] VMWare

: Doing some quick research on VMWare today:
: I looked on OSVDB:
: Looking on the VMWARE site:
: 79 Answers Found  in KB
: http://www.vmware.com/support/kb/enduser/std_alp.php?p_sid=dwhBYoWh
: &p_lva=&p_li=&p_page=1&p_prod_lvl1=%7Eany%7E&p_prod_lvl2=%7Eany%7E&p_search_
: text=security&p_new_search=1&p_search_type=7&p_sort_by=dflt
: Looks like quite a few might just be additional refs to other bugs......

Spend 3 hours on this tonight. I added the vmware entries to a lot of 
existing bugs (entire first page, part of second), then got tired of it.

Sorted all 3 pages for potential new entries and picked out 3 i am sure 
we don't have, and 2 more that i'm 95% sure we don't (flagged to sullo 
for him to verify).

the only problem with these.. the vmware dickhats don't include release 
dates on these entries. absolutely NO clue when to date them, not even 
what year.

1002909: VMWare ESX Server TCP Packet Filtering Weakness
(has cert kb w/ date)

1002910: VMWare ESX Server RPCI Mechanism Unspecified DoS
(no date at all to go off)

1002912: VMWare ESX Server Unspecified Local Privilege Escalation
(no date at all)

1002913: sullo: VMWare ESX Server Multiple Command Unprivileged Local Shutdown DoS
(no date at all)

1002911: sullo: VMWare GSX Server vmware-authd.exe USER Command Overflow
(date from mail list post)

More information about the VIM mailing list