VMWare Security Advisory VMSA-2011-0001 - SANS Internet Storm Center

SANS ISC: VMWare Security Advisory VMSA-2011-0001 - SANS Internet Storm Center

SANS Site Network
- Current Site
- SANS Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

SANS ISC InfoSec Forums

VMWare Security Advisory VMSA-2011-0001

VMWare today released Security Advisory VMSA-2011-0001 [1] as well as updated two of last years security advisories [2],[3]

The update patches glibc, sudo and openldap that are used as part of VMWare ESX. The vulnerabilities could be used to escalate privileges if a user has access to the VMWare console or launch a denial of service attack.

Component	CVE Number	CVSS Base Score	Access
glibc	CVE-2010-3847 (not yet released)	-	-
	CVE-2010-3856 (not yet released)	-	-
sudo	CVE-2010-2956	6.2 Medium	local
openldap	CVE-2010-0211	5.0 Medium	network
	CVE-2010-0212	5.0 Medium	network

[1] http://www.vmware.com/security/advisories/VMSA-2011-0001.html
[2] http://www.vmware.com/security/advisories/VMSA-2010-0017.html
[3] http://www.vmware.com/security/advisories/VMSA-2010-0016.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022

Johannes

4473 Posts
ISC Handler

Jan 5th 2011

Thread locked Subscribe

Jan 5th 2011
1 decade ago