Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

To: VMware Security team <security@xxxxxxxxxx>
Subject: Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Wed, 03 Dec 2008 13:42:11 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <493617F1.5070403@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <493617F1.5070403@xxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3pre) Gecko/20081202 Shredder/3.0b2pre Mnenhy/0.7.6.0

On 12/3/2008 12:24 AM, VMware Security team wrote:

     A memory corruption condition may occur in the virtual machine
     hardware. A malicious request sent from the guest operating
     system to the virtual hardware may cause the virtual hardware to
     write to uncontrolled physical memory.

So, does this vuln potentially allow a guest -> host escalation?"Memory corruption" is kind of vague.

References:
- VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
  - From: VMware Security team

Prev by Date: Re: [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation
Next by Date: [USN-685-1] Net-SNMP vulnerabilities
Previous by thread: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Next by thread: [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation
Index(es):
- Date
- Thread