HP also announced the addition of Xen and guest operating system support for Debian to the HP Partner Virtualization Program that enables ISVs to build and verify applications in a secure, virtualized environment. Through the program, partners will have access to HP's entire server portfolio using HP Integrity, ProLiant and BladeSystem platforms running a broad range of operating systems and virtual machines. In addition, HP also announced the expansion of its Pay-Per-Use flexible pricing structure for Linux running on HP Integrity servers, whereby computing capacity is readily available to customers, who are then billed for only what they use. The addition of Linux completes the PPU offering across all operating systems on the HP Integrity platform, including HP-UX, Windows, and OpenVMS.Read on...
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus
Comments
Post a Comment