VMware Bug Allowed Root Access (arstechnica.com)
c4231 quotes Ars Technica:
While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools -- EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection -- could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.
The thing is I too worked for VMware and having seen the code I know he's right.
They have comment boxes top and bottom of large sections of code typically accompanied by a statement of "don't touch this, no one knows what it does".
The hostd is a perfect example.
But he is wrong about Chinese developers. It's hiring directly from MIT to reverse engineer the code.
This was all about 4 years ago so I'm not sure where things are at now. I do know that the vSphere Appliance in 6.5 is a pos for installing and configuring. It works about every 5th time and goodness me I hope your environment isn't too special or it's just not happening.