Virtualization software vendor VMware recently released an update to patch a security issue in the vSphere API. The update fixes a denial-of-service (DoS) vulnerability in ESXi and ESX, and also applies many open-source security patches to the ESX Service Console.
The company gave details in an advisory: “The VMware vSphere API contains a denial-of-service vulnerability.” It further explained, “This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected.”
Virtualization has become a foremost target for attacks and breaches, especially those aimed at managers and administrators, because exploiting a virtualized environment is the most convenient way to attain the “keys to the kingdom,” according to Eric Chiu, the founder and president of virtualization security vendor HyTrust.
He further said, “This really shows how vulnerabilities can be exploited, and how important it is to secure today’s virtualization and cloud environments; after all, this is the new [operating system] of the data center and provides access to the virtual machines, the virtual network and mission-critical enterprise applications, and the virtualized storage resources as well.”
Along with the API patch, VMware’s update also includes fixes for the ESX Service Console’s expat, nss, nspr and python packages. It updates the ESX Service Console Netscape Portable Runtime and Network Security Services RPMs to versions nspr-18.104.22.168.el5_8 and nss-22.214.171.124.9834.
Mulholland also wrote in a November 4 statement, “It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment.”