|VMware Security Advisory|
|Synopsis:||ESX 2.5.5 patch 12 updates service console package ed|
|Updated on:||2009-01-26 (initial release of advisory)|
Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to ESX 3.0.3
"ed" is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts).
A heap-based buffer overflow was discovered in the way "ed", the GNU line editor, processed long file names. An attacker could create a file with a specially crafted name that could possibly execute arbitrary code when opened in the "ed" editor.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3916 to this issue.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
|VMware Product||Product Version||Running on||Replace with / Apply Patch|
|ESX||2.5.5||ESX||Upgrade Patch 12|
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
ESX 2.5.5 Upgrade Patch 12 Build 142709
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk