We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

VMware fixes seven virtualisation bugs

Users told to upgrade to avoid security problems

Virtualisation vendor VMware says it has fixed seven security bugs in the free version of its hypervisor, which could let hackers launch denial-of-service attacks, change user privileges and forge RSA key signatures.

VMware identified the problems in VMware Server, the company's free server virtualisation software, and fixed them in newly released version 1.0.5. VMware first reported the problems on Monday, according to a Secunia security advisory, which classifies the vulnerabilities as 'less critical'.

Users should upgrade to version 1.0.5 to avoid potential security problems. VMware conducted an internal security audit that found an insecurely created object that malicious users could exploit to "escalate privileges or create a denial-of-service attack", VMware states on its website. Two other bugs also let users attain privileges they're not entitled to.

One vulnerability that lets users forge RSA key signatures was solved by upgrading VMware Server to a newer edition of OpenSSL, an open-source security toolkit.

The vendor also found that VMware Workstation - which lets multiple operating systems run concurrently on a single PC - contained a vulnerability while running on Windows that allows a guest machine complete access to a host's file system, including the "ability to create and modify executable files in sensitive locations".

VMware, the market share leader in server virtualisation, has publicly put a high priority on security recently, with the release of a new set of APIs that gives security vendors access to its hypervisor. This should lead to better protection against viruses, Trojans and keyloggers in the future, VMware said.

Related articles:

FAQ: Virtualisation in the SMB

Business Advisor


IDG UK Sites

Windows 10 launch event as it happened: Read our Windows 10 launch live blog - find out first as...

IDG UK Sites

Windows 9 and the death of the OS as a must-have product

IDG UK Sites

Video trends: 4K is here โ€“ HDR video, VR and 3D audio is coming

IDG UK Sites

Best iPhone 6, iPhone 6 Plus deals: iPhone 6, iPhone 6 Plus tariffs, contracts and prices UK