Last week, quite a few major vulnerabilities were discovered in some of our customer’s favorite products, namely:
- VMWare (all products, from ESX Server all the way down to VMware Player)
- Cisco PIX and ASA (versions 7.1, 7.2, 8.0 and 8.1)
- Mac OS X (Both Server and Client editions, 10.4 and 10.5 are affected)
Quite a few of these vulnerabilities are remotely exploitable and especially dangerous on the PIX and unprotected OSX and VMware installations. VMware also looks like it may have a local “VM breakout” bug or two, watch out for these. We strongly recommend getting these products updated as soon as possible.
For more information and relevant links, check out the US-CERT Cyber Security Bulletin SB08-161. Search for the product you’re running on this page.