Thread-topic: [SA21230] VMware ESX Server Multiple Vulnerabilities
>
> TITLE:
> VMware ESX Server Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA21230
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Less critical
>
> IMPACT:
> Hijacking, Cross Site Scripting, Exposure of sensitive information
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> VMware ESX Server 2.x
>
>
> DESCRIPTION:
> Corsaire has reported some vulnerabilities in VMware ESX Server,
> which can be exploited to gain knowledge of potentially sensitive
> information or conduct cross-site request forgery attacks.
>
> 1) When changing passwords using the management interface, the GET
> request containing the password in clear text is logged to a
> world-readable file.
>
> 2) The management interface uses a proprietary session ID format
> containing authentication credentials encoded in base64. If malicious
> people get hold of the session cookies, it's possible to gain
> knowledge of the user account and password.
>
> 3) The management interface allows users to perform certain actions
> via HTTP GET requests without performing any validity checks to
> verify the user's request. This can be exploited to change a user's
> password when user visits a malicious web site while logged in.
>
> SOLUTION:
> According to the researchers, the vulnerabilities have been fixed in
> version 2.5.3 Upgrade Patch 2, 2.1.3 Upgrade Patch 1, and 2.0.2
> Upgrade Patch 1.
>
> PROVIDED AND/OR DISCOVERED BY:
> Stephen de Vries og Martin O'Neal, Corsaire.
>
> ORIGINAL ADVISORY:
>
>
>
>
