With the recent initial public offering of VMware Inc. being greeted with a resounding cheer from investors, it's clear that virtualization is increasingly important to businesses. Corporations are working virtualization strategies into their budgets and plans, and suppliers have responded with a number of products. In fact, two major players in the industry, VMware and Microsoft Corp., are offering their previously for-pay server products for free, presumably to foster demand for their more-expensive and more-capable enterprise systems.Obviously they missed out a lot of other free tools, check out my tag cloud for more details. Read the rest here.
For casual use, of course, the desktop versions of these products -- also freely available -- will work, but what if you want to scale and consolidate multiple physical servers onto one? What if you're interested in management features, monitoring and the ability to move machines from one virtual machine server to another? It's time to consider a server-level product.
Let's take a look at the free server offerings from VMware and Microsoft. In particular, we'll look at the comparative advantages of each -- after all, they both run virtual machines, and they both do it pretty well; it's the features "on the margin" that will make a difference to you.
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus
Comments
Post a Comment