Advisory ID: VMSA-2009-0005 Synopsis: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues Issue date: 2009-04-03 Summary: Updated VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues For more information visit VMware Security Center
Compliance Audit? If you are looking to assess the security of your virtual infrastructure as well as audit your VMware infrastructure for compliance reasons, what current options are available? Well you can start by looking at the VMware security hardening guidelines document available at this link which is a good document and can be complimented …
Prevent Direct root Login via SSH Direct root login via SSH should be disabled, the reason for doing so is to prevent anyone from being able to brute force the login credentials for root via ssh and therefore compromise the security of the host. By disabling root login any attacker would now have to guess …
————————————————————————- VMware Security Advisory Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953 ————————————————————————- 1. Summary ESX patches for OpenSSL, vim and bind resolve several security issues. 2. Relevant releases VMware ESX 3.0.3 …
Disable Copy and Paste between Guest OS and Remote Console Allowing data to be copied between your Guest VM’s and your Host OS could create a potential security risk in allowing sensistive data to leak from VM’s and be taken outside of your organisation. If you are creating Virtual Machine infrastructures in DMZ networks then …
Segregation of Duties – Ensure that you assign the appropriate security roles and permissions for access to your VC, ESX and VM Guests Audit, Secure and lock down the VC Database Disable direct ‘ROOT’ logins for each of your ESX Servers Ensure that the ESX Firewall is enabled and configured correctly, disable ports that are …
Update for VirtualCenter updates the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1232, CVE-2008-1947 and CVE-2008-2370 to these issues. For more information see this link…
ESX 2.5.5 patch 12 Build 142708 updates service console package A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has …
How often do you here the phrase that the database is your crown jewels? Probably not as often as you should. In the security world that I frequent we often tell our customers that they should be protecting their data particularly data stored in databases. These treasure houses of information are often overlooked when it …
Greetings from VMworld Europe! The second VMworld in Cannes france is well underway, there are lots of new and exciting things from VMware again such as vShield Zones which is a new technology that allows you to secure your environment by monitoring and enforcing network traffic policies. For more info go check it out at …