Virtualisation vendor VMware says it has fixed seven security bugs in the free version of its hypervisor, which could let hackers launch denial-of-service attacks, change user privileges and forge RSA key signatures.
VMware identified the problems in VMware Server, the company's free server virtualisation software, and fixed them in newly released version 1.0.5. VMware first reported the problems on Monday, according to a Secunia security advisory, which classifies the vulnerabilities as 'less critical'.
Users should upgrade to version 1.0.5 to avoid potential security problems. VMware conducted an internal security audit that found an insecurely created object that malicious users could exploit to "escalate privileges or create a denial-of-service attack", VMware states on its website. Two other bugs also let users attain privileges they're not entitled to.
One vulnerability that lets users forge RSA key signatures was solved by upgrading VMware Server to a newer edition of OpenSSL, an open-source security toolkit.
The vendor also found that VMware Workstation - which lets multiple operating systems run concurrently on a single PC - contained a vulnerability while running on Windows that allows a guest machine complete access to a host's file system, including the "ability to create and modify executable files in sensitive locations".
VMware, the market share leader in server virtualisation, has publicly put a high priority on security recently, with the release of a new set of APIs that gives security vendors access to its hypervisor. This should lead to better protection against viruses, Trojans and keyloggers in the future, VMware said.