VMware fixes dozens of security bugs

VMware last week issued patches for virtualisation products including ESXi, ESX Service Console and vCenter, fixing dozens of security bugs largely found in third-party components such as Oracle's Java Runtime Environment.

The security flaws include some that could potentially allow a remote attacker to execute malicious code on a user's system, VMware said in advisories published on Thursday.

Software components suffering from such bugs include the Kerberos network authentication protocol and the Gzip file compression application, both found in the ESX Service Console OS, according to the company.

The version of Kerberos found in the ESX Service Console OS is affected by integer overflows in the AES and RC4 functionality in the crypto library that could allow remote attackers to cause the daemon to crash. A remote attacker could also possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid, according to VMware.

Gzip's unlzw function, used to decompress LZW-compressed files, is affected by an integer overflow that could allow a remote attacker to trigger an array index error, VMware said. This could lead the application to crash or allow the execution of malicious code via a specially crafted LZW-compressed file.

Other patches affected flaws in components including newt, nfs-utils, kpartx, libvolume_id, device-mapper-multipath, fipscheck, dbus, ed, OpenSSL, BIND, expat, OpenSSH, ntp and sudo.

The patches included more than 50 for the Java Runtime Environment (JRE), VMware said.

The advisory affecting third-party components in ESXi and ESX Service Console can be found here. The advisory affecting ESX Service Console and vSphere Management Assistant (vMA) can be found here. The advisory affecting JRE bugs in VMware vCenter can be found here.