VMware has released build 156745 of its virtualization software Server 2.0.1. The package runs on Linux and Windows and can run a variety of operating systems on the host computer through a virtual machine. Supported guests include several BSD variants, various Linux distributions, Solaris and Windows. For more information, see this page and this manual in PDF format. The list of changes for version 2.0.1 is as follows:
What’s New
Server 2.0.1 is a maintenance release that resolves security issues as well as some known issues. With this release of VMware Server, certain new features and support have been added.
Support for New Guest Operating Systems
VMware provides support for the following operating systems for Server 2.0.1:
- Asianux Server 3.0 Service Pack 1
- CentOS 4.7
- CentOS 5.2
- Windows Essential Business Server (EBS) and Small Business Server (SBS) 2008
- Windows Small Business Server 2003 Service Pack 2
- Windows XP Service Pack 3
- Windows Vista Service Pack 1
Security Fixes:
- VMnc codec heap overflow vulnerabilities
The VMnc codec assists in record and replay of sessions which are records of the dynamic virtual machine state over a period of time. Two heap overflow vulnerabilities might allow a remote attacker to execute arbitrary code on VMware hosted products. For an attack to be successful, the user must visit a malicious Web page or open a malicious video file. The Common Vulnerabilities and Exposures project has assigned the names CVE-2009-0909 and CVE-2009-0910 to these issues.
- A VMCI privilege escalation on Windows-based hosts or Windows-based guests
The Virtual Machine Communication Interface (VMCI) provides fast and efficient communication between two or more virtual machines on the same host and between a virtual machine and the host operating system. A vulnerability in vmci.sys might allow privilege escalation on Windows-based machines. This might occur on Windows-based hosts or inside Windows-based guest operating systems. Current versions of ESX Server do not support the VMCI interface and hence they are not affected by this vulnerability. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1147 to this issue.
- A remote denial-of-service vulnerability in authd for Windows-based hosts
A vulnerability in vmware-authd.exe might cause a denial-of-service condition on Windows hosts. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-0177 to this issue.
- Updated vm-support script
This release improves data collection when the vm-support script is run by the Server administrator on request of VMware support or its support partners. The file that contains the SSL keys for communication between Server and vCenter and other applications is no longer collected. For more details, see the KB article Data Security Best Practices – SSL keys for communicating with VirtualCenter and other applications (KB 1008166).
- Windows-based host privilege escalation in hcmon.sys
A vulnerability in an I/O Control (ioctl) function in hcmon.sys might be used to escalate privileges on a Windows-based host. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1146 to this issue. New releases of hosted products address a denial-of-service problem described in CVE-2008-3761, which can only be exploited by a privileged Windows account.
- Denial-of-service vulnerability in a virtual device
A vulnerability in a guest virtual device driver might allow a guest operating system to cause the host and consequently any virtual machine on that host to fail. The Common Vulnerabilities and Exposures project has assigned the name CVE-2008-4916 to this issue.
Miscellaneous Fixes:
- Mount installer option mounts current CD-ROM image instead of VMware Tools installer image
If a CD-ROM image is mounted to a virtual machine with VMware Tools installed, the Mount installer option in the Web UI incorrectly mounts the CD-ROM image instead of the VMware Tools image. The issue is resolved in this release.
- Unable to install the latest version of VIX API on Server 2.0.x
You cannot install VMware VIX API 1.6.2 due to an issue with the MSI installer for VIX API. This issue is resolved in this release.
- The default VI Web Access HTTP connection port is 8222 and the default HTTPS port is 8333. If you use these defaults, or any values other than 80 (HTTP) and 443 (HTTPS), you must specify the port number when you connect to VMware Server using VI Web Access. You must also allow connection to these ports through your firewall. An example URL to connect to VI Web Access is http://server_host:8222. If you want to use ports 80 (HTTP) and 443 (HTTPS), override the default values during installation. Note: If you are running IIS or Apache web server on the default ports, specify alternate HTTP and HTTPS ports when prompted by the Windows installer or vmware-config.pl. Alternatively, stop IIS’s default Web site or any other Web site running on these ports. On Linux, shut down Apache or any other application using these ports and make sure they are not configured to restart automatically. This issue is resolved in this release.
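
The vm-support change listed under Security Fixes means bundles collected with earlier releases may still contain SSL key material, so archives already on disk are worth checking before they are shared. The following is an added example, not part of the VMware release notes or VMware's code; it assumes the bundle is a tar archive, and the file names and contents in the sample are constructed.

```python
import io
import re
import tarfile

# PEM header of a private key (RSA, EC, DSA, PKCS#8, encrypted or not).
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
MAX_READ = 1 << 20  # inspect at most 1 MiB of each archive member


def find_private_keys(bundle):
    """Return sorted names of members in a tar archive (file object)
    whose content carries a PEM private key header."""
    hits = []
    with tarfile.open(fileobj=bundle, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, links and device nodes
            fh = tar.extractfile(member)
            if fh is not None and PEM_KEY.search(fh.read(MAX_READ)):
                hits.append(member.name)
    return sorted(hits)


def build_sample_bundle():
    """Constructed sample archive; names and contents are made up."""
    files = {
        "vm-support/etc/sample.cfg": b"setting = value\n",
        "vm-support/ssl/example.key":
            b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n"
            b"-----END RSA PRIVATE KEY-----\n",
        "vm-support/ssl/example.crt":
            b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n"
            b"-----END CERTIFICATE-----\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in find_private_keys(build_sample_bundle()):
        print("private key material:", name)
```

To scan a real bundle, pass an open binary file handle to `find_private_keys`; any hit means the key pair should be treated as exposed to whoever received the archive.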