
VMware Server sensitive information lifetime issue
VMSA-2006-0002 - VMware Server sensitive information lifetime issue


-------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2006-0002
Synopsis:          VMware Server sensitive information lifetime issue
Advisory URL: 
Issue date:        2006-06-01
Updated on:        2006-06-01
CVE Name:          CVE-2006-2662
Bugzilla Number:   pr98108
-------------------------------------------------------------------

1. Summary:

VMware Server doesn't limit the lifetime of sensitive data.  

VMware has rated the severity of this issue as a Priority 3 issue 
according to VMware's Security Response Policy.

2. Relevant release:

VMware Server prior to RC-1.

3. Problem description:

When a console connection is made using VMware Server, user 
credentials are kept in memory.  In order for the attacker to 
obtain information, they must have local access to the system 
and read access to the memory, or access to memory crash 

This is only a danger if the attacker already has privileged 
access to your system.

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-2662 to this issue.  
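
The following is an added example, not VMware's code and not part of the advisory, of limiting the lifetime of a credential buffer on a POSIX system: the password is wiped as soon as the check finishes, and core files are turned off so a crash does not write process memory to disk. The functions `check_password`, `login_and_scrub`, `count_nonzero` and the sample credentials are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Zero through a volatile pointer: a plain memset() on a buffer that is
   never read again can be removed by the optimizer as a dead store. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Set the core file size limit to 0; returns 0 once the limit is confirmed. */
int disable_core_dumps(void) {
    struct rlimit rl = {0, 0};
    if (setrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    if (getrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    return rl.rlim_cur == 0 ? 0 : -1;
}

/* Hypothetical stand-in for the real credential check. */
static int check_password(const char *user, const char *pw) {
    return strcmp(user, "admin") == 0 && strcmp(pw, "constructed-sample-pw") == 0;
}

/* Use the password once, then wipe all cap bytes. Returns 1 on success. */
int login_and_scrub(const char *user, char *pw, size_t cap) {
    int locked = (mlock(pw, cap) == 0); /* keep out of swap; may fail under RLIMIT_MEMLOCK */
    int ok = check_password(user, pw);
    secure_wipe(pw, cap);
    if (locked) munlock(pw, cap);
    return ok;
}

/* Bytes still non-zero in a buffer; 0 means nothing was left behind. */
size_t count_nonzero(const void *p, size_t n) {
    const unsigned char *b = p;
    size_t left = 0;
    for (size_t i = 0; i < n; i++) left += (b[i] != 0);
    return left;
}

int main(void) {
    char pw[64] = "constructed-sample-pw"; /* constructed sample input */
    int ok = login_and_scrub("admin", pw, sizeof pw);
    printf("core_off=%d auth=%d residue=%zu\n", disable_core_dumps() == 0, ok, count_nonzero(pw, sizeof pw));
    return 0;
}
```

Wiping covers only the buffer it is given; copies made by I/O layers or other code paths need the same treatment.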

4. Solution:

Upgrade to the latest packages: 

7. References:

The VMware Server product page at: 

Understanding Data Lifetime via Whole System Simulation at: 

8. Acknowledgments

VMware would like to thank Bart Vanautgaerden for reporting this issue.

9. Contact: 

The VMware Security Response Policy 

Copyright 2006 VMware Inc. All rights reserved.
