Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can use three vulnerabilities of VMware vCenter Server
and vSphere Client Installer.

Severity: 2/4

Creation date: 06/05/2011

IMPACTED PRODUCTS

– VMware ESX
– VMware ESXi
– VMware vCenter
– VMware VirtualCenter

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in the VMware vCenter Server
and vSphere Client Installer products.

A remote attacker can read files located outside the root
directory of vCenter/VirtualCenter. [severity:2/4; CVE-2011-0426]

An attacker who is authenticated on vCenter can obtain the SOAP
session identifier, in order to elevate his privileges.
[severity:2/4; CVE-2011-1788]

The vSphere Client Installer displays an error message indicating
that it is not signed. [severity:1/4; CVE-2011-1789]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/VMware-vCenter-vSphere-three-vulnerabilities-10620