VMware has identified and fixed seven security bugs in the free version of its hypervisor, which could let hackers launch denial-of-service, change user privileges and forge RSA key signatures.

VMware identified the problems in VMware Server, the company’s free server virtualization software, and fixed them in newly released version 1.0.5.  VMware first reported the problems Monday, according to a Secunia security advisory, which classifies the vulnerabilities as "less critical." Users should upgrade to version 1.0.5 to avoid potential security problems.
VMware conducted an internal security audit that found an insecurely created object that malicious users could exploit to "escalate privileges or create a denial-of-service attack," VMware states on its Web site.

Two other bugs also let users attain privileges they’re not entitled to.

One vulnerability that lets users forge RSA key signatures was solved by upgrading VMware Server to a newer edition of OpenSSL, an open source security toolkit.

The vendor also found that VMware Workstation – which lets multiple operating systems run concurrently on a single PC – contained a vulnerability while running on Windows that allows a guest machine complete access to a host’s file system, including the "ability to create and modify executable files in sensitive locations."

VMware, the market share leader in server virtualization, has publicly put a high priority on security recently, with the release of a new set of APIs that gives security vendors access to its hypervisor. This should lead to better protection against viruses, Trojans and keyloggers in the future, VMware says.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports