
Department of Defense

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821

Software Description
--------------------

The U.S. Defense Information Systems Agency (DISA) publishes Security
Readiness Review scripts (SRRs) to ensure systems and software meet
security baselines required by the Department of Defense.  The SRRs are
commonly run on military systems and DISA makes them available to other
government agencies and the general public (at their own risk) at
http://iase.disa.mil/stigs/SRR/index.html.

This vulnerability report applies to the current (October 15, 2009) Unix

CfP: 16th ACM Conference on Computer and Communications Security (CCS) 2009

Martin Abadi (UC Santa Cruz & Microsoft, USA)
Kostas Anagnostakis (I2R/A-STAR, Singapore)
Kosta Beznosov (U British Columbia, Canada)
Dan Boneh (Stanford University, USA)
Steve Borbash (Department of Defense, USA)
Jean Camp (Indiana University, USA)
Iliano Cervesato (Carnegie Mellon Univ., USA)
Mihai Christodorescu (IBM Research, USA)
Debra Cook (IDA-CCS, USA)
Lorrie Cranor (Carnegie Mellon Univ., USA)

VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues

    This issue might not be exploitable on host operating systems which
    have implemented heap protection.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-2098 to this issue.

    VMware        Product   Running  Replace with/

VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

    A vulnerability in a guest virtual device driver could allow a
    guest operating system to crash the host and consequently any
    virtual machines on that host.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4916 to this issue.

    The following table lists what action remediates the vulnerability

Call for Participation - ACM Conference on Computer and Communications Security (CCS)

http://www.sigsac.org/ccs/CCS2009/stgrant.shtml
============================================================
OPENING KEYNOTE

Dorothy Denning
Distinguished Professor, Department of Defense Analysis
Naval Postgraduate School
============================================================
TECHNICAL PROGRAM HIGHLIGHTS

Featuring 58 technical papers, on Applied Cryptography, Attacks, RFID,

VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

    hardware. A malicious request sent from the guest operating
    system to the virtual hardware may cause the virtual hardware to
    write to uncontrolled physical memory.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4917 to this issue.

    The following table lists what action remediates the vulnerability



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
