[Dailydave] Congrats to Ryan Smith and Neel Mehta!
Dave Aitel
dave at immunityinc.com
Thu Sep 20 09:45:45 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For their VMWare DHCP bug:
This release fixes several vulnerabilities in the DHCP server
that could enable a specially crafted packets to gain system-level
privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
I wonder if there's any way to trigger that when you're not behind the
VMWare NAT or in Host-Only mode.
Also this bug from Rafal Wojtchzvk looks really cool (and quite vague
- - does it work without VMWare tools installed? Going to have to say he
plays with the paravirtualization stack maybe?).
This release fixes a security vulnerability that could allow a
guest operating system user with administrative privileges to cause
memory corruption in a host process, and thus potentially execute
arbitrary code on the host. (CVE-2007-4496)
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG8nmHB8JNm+PA+iURAqr7AJ9EvT31TADKMJzwfAfYHLyctFvpFACeI/Id
QIHXZcz/OnIk0cU1inlPTXE=
=ViUZ
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list