Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: VMWare Security Advisories VMSA-2016-0005 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VMWare Security Advisories VMSA-2016-0005

VMWare published today a security advisory about the following CVEs:

  • CVE-2016-3427 Critical JMX issue when deserializing authentication credentials. This vulnerability allows to execute commands to the RMI Server of Oracle JRE JMX without proper authentication. This is a remote and local vulnerability.
  • CVE-2016-2077 Important VMWare Workstation and Player for Windows host privilege escalation vulnerability. This vulnerability allows privilege escalation. It's a local vulnerability.

Not all products are affected and not all affected products already has a patch. If there is not a patch, there is a workaround. Check for more information about your product.

We have not noticed exploits in the wild so far. If you notice one, please let us know using our contact form.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
e-mail: msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

195 Posts
ISC Handler
May 17th 2016

Sign Up for Free or Log In to start participating in the conversation!