Updated VirtualCenter addresses User Account Disclosure Vulnerability
VirtualCenter 2.5 previous to Update 2
VirutalCenter 2.0.2 previous to Update 5
An information disclosure vulnerability is present in VirtualCenter.
Exploitation of this flaw might result in disclosure of the user names of system accounts.
VMware would like to thank Brett Moore of Insomnia Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3514 to this issue.
* hosted products are VMware Workstation, Player, ACE, Server, Fusion
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware VirtualCenter 2.5 Update 2 build 104263
DVD iso image
VMware VirtualCenter 2.0.2 Update 5 build 104182
DVD iso image
Initial release following release of VirtualCenter 2.0.2 Update 5
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at:
VMware Security Center
VMware security response policy
General support life cycle policy
VMware Infrastructure support life cycle policy
Copyright 2008 VMware Inc. All rights reserved.