Vulnerabilities / Threats
12/19/2012
07:00 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Digital Defense Discovers Zero-Day Vulnerability In VMware

A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system

San Antonio, TX – December 19, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, announced another zero-day finding, discovered by the company's Vulnerability Research Team (VRT). The vulnerability resides in both the VMware® View Connection Server and the View Security Server. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This security issue was revealed using DDI's patent-pending vulnerability scanning technology.

We applaud VMware for their collaboration and rapid response in developing a solution for the issue in the form of an upgrade, which is available through their website.

Previously unknown software flaws, or zero-day vulnerabilities, continue to be one of the biggest threats an organization can face. A single exploited vulnerability in one computer or network can be devastating, resulting in severe losses to an organization's reputation and bottom line.

DDI's VRT has the unique capability to identify and disclose these vulnerabilities. This Decisive Security Intelligence is improving the security posture of organizations across the globe. The VRT has released multiple vulnerability disclosures, including those within widely used platforms.

Gordon MacKay, Chief Technology Officer at DDI states, "Our VRT is vigilant in our quest to root out any flaws that pose a danger to our clients. In addition to proactively mining data to expose potential threats, we listen to our clients and investigate identified issues, which may reveal these previously unknown vulnerabilities".

About Digital Defense

Founded in 1999, Digital Defense, Inc. (DDI) is the premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 countries. DDI's dedicated team of experts helps organizations establish a culture of security through regular information security assessments, awareness education and Decisive Security Intelligence. This proven method bolsters the capability of organizations to reduce risk and keep information, intellectual property and reputations secure. The combination of DDI's certified Security Analysts, patent-pending scanning technology and proprietary cloud-based vulnerability management system, Frontline&trade Solutions Platform, delivers the most powerful assessment results and remediation management solutions possible.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.