Are you running VMware View? If so, you will want to look at implementing this newly released security patch from VMware that resolves a potential scenario where a guest user, who has been given access to particular files on a VM, could potentially prompt the VM to traverse directories and retrieve files that this user should not have access to, eg: hashed passwords, etc.
I don’t normally cover security patch updates on TechHead as they are common place across all software products these days, though this particular vulnerability is a particularly nasty one that could have far reaching security implications for your virtualized VMware environment so I thought it worth a mention.
What Versions of View are affected?
The affected versions of VMware View are:
VMware View 5.x prior to version 5.1.2
VMware View 4.x prior to version 4.6.2
More Information & Fix
For more information see this VMware Security Advisory which also includes a link to the downloadable patch.
- As always, ensure you have full working backups before applying any patches else tempt the patching gods, who will teach you a lesson by making it go all horribly wrong!
About Simon Seagrave
Fancy automatically receiving all new TechHead posts by email? If so, then simply sign up below.
My name is Simon Seagrave and I am a London (UK) based Senior Technology Consultant and Technical Marketing Manager working for EMC. I love my work & spend most of my time working with Virtualisation & other Enterprise IT based technologies, in particular VMware, EMC and HP products.
I am a VMware vExpert (2009 - 2014) and am also EMC Elect 2013 & 2014.
Speak Your Mind