Slashdot Mirror


VMware Bug Allowed Root Access (arstechnica.com)

c4231 quotes Ars Technica: While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools -- EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection -- could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.

33 comments

  2. I used to work at vmware. Criminal engineering. by Anonymous Coward · · Score: 5, Interesting

    I used to work at vmware. They have criminals in china doing most of the code. The code is "lost" now. The smart people who made it are all gone and they have very young engineers from china doing all the code. It's riddled with bugs and likely back doors. They also destroyed the Nicira team. Smart, talented SDN guys who are all gone. Now Nicira is more or less dead and the crap china code, NSX-V and the new crap china code, NSX-T is there. It's crap. And they can't make a single installer for all their crap. each of their products is totally disjointed. You can't find a SINGLE PERSON at vmware capable of installing all of their products. Try finding someone who can install FOUR. Let alone all of them. It's a lot of chinese and desi engineers who are way too young to understand what they are building. the product managers are young bucks who sling marketing slides but never automation and code. It's a shame. I really think all the engineering talent is locked up with that psycho asshole bezos / scamazon, microsoft, google and alibaba and tencent. the rest of the IT shops are full of young obedient small minded desi and chinese slaves who "do whatever". the really smart engineers at google, fakebook, scamazon, microsoft and google might be smarter but they willfully implement horrible evil plans for the love of money. the NSX+ESXi+vsphere on scamazon truly sucks, it's double locking, lock-in to scamazon and then locking to the horrible NSX apis for doing networking crap. if you can call them APIs. In reality NSX forces most configuration to do CLICK OPS, not really automated. Disgusting. vmware is a burnt out husk of what it used to be. tsarkon reports

    1. Re:I used to work at vmware. Criminal engineering. by swb · · Score: 1

      I can't comment on the internals of VMware, but as a longtime user and vendor I feel like VMware went off the rails a few years ago. I think once they had a lot of SMB penetration the MBA geniuses knew growth was going to stall and they moved into the "tools and extensions" mode where they pushed all the add-ons...which maybe only bigger customers buy.

      The few we installed always sucked, a weird mix of appliance VMs, Windows services, etc, and much of it was a mish-mash of configuration in vCenter web and Windows.

      And while we're talking about vCenter -- jeezus, can we make the fucking web interface work worth a damn? It's been a trainwreck forever and still is IMHO, and God help you if it gets fucked up AND you need to do some kind of vCenter-only action...to recover vCenter! Which you will have to do since they make stupid mistakes like chronically undersizing vCenter disk partitions which then fill up and crash the Jenga structure of 1001 processes that make up vCenter.

      It's high time base vCenter functionality like VM migration (including storage migration) was built into the base host install.

      IMHO, for basic virtualization it's still a shitload better than Hyper-V. I keep waiting for 3rd party KVM-based products (like Nutanix) to catch up to VMware. When they do, VMware's strategy of relying on bolt-ons and big license fees will drain them.

    2. Re:I used to work at vmware. Criminal engineering. by jaymemaurice · · Score: 1

      I think much of this was fueled by the $1 Billion VMware Nicira buy. It alienated their partnership with Cisco and VCE and was poor strategy. It's like nobody realized that their user base couldn't understand what an MTU mismatch was, let alone handle network issues caused by layers of poorly written software on broken hardware.

      That stated, you don't need to use vCenter to change DVS ports to get vCenter up - you /can/ do it in the CLI and you should be using ephemeral port allocation for the vCenter port-group. Often the difference between getting a senior tech with free time or one from the low cost geographies was evident by whether or not they made you re-install the product.

      --
      120 characters ought to be enough for anyone
    3. Re:I used to work at vmware. Criminal engineering. by swb · · Score: 1

      No, I was referring to specific situations where you find yourself needing to make a change in vCenter to support a vCenter recovery step.

      IMHO, vCenter is a real house of cards for VMware environments. There are kind of workarounds, like running multiple clusters with vCenter running in the "other" cluster, frequent cloning/replication, etc, but none of them really solve the core problem that vCenter is 8 gallons of shit in a 4 gallon pail.

      I like the fact that host installs are pretty lightweight (ie for install to flash, etc), but at the same time I think some of the self-imposed limitations on built in native host functionality this requires can be kind of frustrating.

      Too much functionality relies on vCenter and it has proved too fragile on too many occasions. I'd kind of hope for something more clever at this point that involved some of it moved back into the host and vCenter streamlined a bit to only be larger scale functionality and larger database elements.

    4. Re:I used to work at vmware. Criminal engineering. by Anonymous Coward · · Score: 0

      I work here now.

      It feels like working at VERSALIFE from DeusEx.

      https://imgur.com/Kf3QkqP

      Seriously. VMware is phony. Everything is outsourced. Hardly anyone works at Palo Alto. Everyone is desi or chinese. All the desis and chinese fight to keep their teams in their respective countries on top. There is NO CTO! VMware's CTO office is like fake news. Nothing is forward looking. It's about using asia as intellectual slave labor to keep this dead company alive.

      The CEO throws these lame parties about 1-2 times a month and lets the desis and chinese take pictures with him.

  3. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 1

    take your meds

  5. Use something else. by Anonymous Coward · · Score: 0

    Only if you use the sanctioned backup and recovery tools. Use something different and you'll not have this problem.

    1. Re:Use something else. by phayes · · Score: 1

      Precisely. Anyone not using these products (& none of the ESXi installs I've seen do), no vulnerability. However Meltdown & Spectre are a problem for everyone.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  6. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    care to elaborate?

  7. now ESXI get's ceph I may just use them ne cluster by Joe_Dragon · · Score: 1

    now if ESXI gets ceph I may just use them for the next new cluster

  8. "VMWARE BUG!!" = EMC inherited Apache bug? by Anonymous Coward · · Score: 0

    So as far as I can tell here, there's an Apache Tomcat bug that EMC incorporated and left unpatched in their Avamar products, and it was picked up by VMware in their (end-of life'd) VDP cut-down version of Avamar.
    Making a big song and dance about this being a "VMware" issue seems like a point-scoring exercise.

  9. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 2, Interesting

    OP in this thread is a rambling mix of personal anecdotes and copypasta that's less coherent than the current US president.

    Also, the post is full of grammatical errors, conspiracy theories, and "I'm off my meds" markers like missing capitalization and calling Amazon "scamazon," etc, and then it ends with the promise of more copypasta but abruptly ends with "tsarkon reports."

  10. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    He thinks the software is unstable without looking in the mirror first...

  11. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    OP in this thread is a rambling mix of personal anecdotes and copypasta that's less coherent than the current US president.

    I'm not so sure. I think it compares rather well against, "my button is bigger than your button". Those are the ramblings of a first grader whereas the OP has at least a high school education. I don't know about you, but I'd call that an improvement over our ersatz President Trump.

  12. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    It's actually way, way more coherent and on point than Donnie Shithole Jumpsuit Drumpf.

  13. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Rambling and incoherent, reminds me of most VMware product installation procedures. Based on what I've seen regarding quality control, UI, and polish since around vSphere 5.0-5.5 I'd say this aligns pretty close with what we are seeing. Instead of a product growing more polished over time it resembles a patchwork of kludges and fixes these days.

  14. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Well, we know why YOU don't work there anymore...

  15. Veeam and TSM VE by Anonymous Coward · · Score: 0

    What about veeam B&R?

    1. Re: Veeam and TSM VE by Anonymous Coward · · Score: 0

      Don't get us started on this one

  16. Re: now ESXI get's ceph I may just use them ne clu by Anonymous Coward · · Score: 0

    I think you've missed the point of ceph.

    Cheap hardware and free software. No big box brands. Throwing vmware in there really shoots holes in the cheap part.

  17. Re: I used to work at vmware. Criminal engineerin by Anonymous Coward · · Score: 3, Informative

    The thing is I too worked for vmware and having seen the code I know he's right.

    They have comment boxes top and bottom of large sections of code typically accompanied by a statement of "don't touch this, no one knows what it does".

    The hostd is a perfect example.

    But he is wrong about Chinese developers. It's hiring directly from MIT to reverse engineer the code.

    This was all about 4 years ago so I'm not sure where things are at now. I do know that the vSphere Appliance in 6.5 is a pos for installing and configuring. It works about every 5th time and goodness me I hope your environment isn't too special or it's just not happening.

  18. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Yes, VMware has been going downhill. Over the last year I have migrated some hypervisor pools to Xenserver 7.x to great success (performance and price), I am considering moving all my internal virtualization to either Xen or KVM, while exploring my plan for a hybrid cloud deployment (some systems moving to AWS).
    I am not suggesting that Xenserver or KVM will be without bugs but I find them equally capable (and sometimes with better support) than the hyped VMware.

  19. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Diversify. Don't put all your eggs in one basket, or VMware so to speak.
    VMware is hugely expensive - no real savings. I am not clear as to why MS has not decided to become #1 - they have money.

    Even with this, and the other Intel bugs, including the interrupt ones that have not been talked about, Remote access via Citrix and the like is NOT being stopped. Security will do as they are told. When a few more cryptoexchanges go down - the messages may begin to sink through.

  20. Re: I used to work at vmware. Criminal engineering by Cramer · · Score: 1

    All too true. Too much of the "product" is a bunch of horrible, bloated JAVA. And way too many "solutions" are collections of acquisitions bolted together poorly.

  21. Re: I used to work at vmware. Criminal engineering by ckatko · · Score: 1

    More like, shut off your bot.

    I bet you money I could make a bot that writes text like that, in a weekend.

  22. Re: I used to work at vmware. Criminal engineerin by Anonymous Coward · · Score: 0

    They have comment boxes top and bottom of large sections of code typically accompanied by a statement of "don't touch this, no one knows what it does".

    Well they have to support Windows and Microsoft has at least some history of doing weird undocumented things with hardware and hardware makers doing weird undocumented things that don't follow standards. I am quite sure the Linux kernel itself has some sections that just do what Windows appears to be doing, not because it makes sense, instead they do it because it seems to be the only way to get something to work.

    Of course it might be sensible for someone to take a long look at the code and at least write down with what it seems to interact, however that too might give the wrong impression. I had quite a few spooky action at a distance encounters and the code base I had to work with isn't even dealing with low level details or global states, just not documented at all.

  23. Re: I used to work at vmware. Criminal engineering by swb · · Score: 1

    Way too many acquisitions are just sniping of almost-mature products just to prevent someone else from buying them or the IP, not because the buyer really cares about making them work.

  24. Re: I used to work at vmware. Criminal engineering by swb · · Score: 1

    MS would like to be #1, but they are trying to do it through licensing breaks for VMs not software quality and reliability. Hyper-V still sucks and their management tools are worse than VMware.

  25. Re: I used to work at vmware. Criminal engineerin by Anonymous Coward · · Score: 0

    I used to work at VMware too. I also had code access.
    I never noticed such comments... but I was on the infrastructure support side and was more focused on code related to the installer/networking/storage/fault issues.

    After ~2years I could handle vRealize Automation, vCNS/NSX, Cisco Nexus 1000v, vSAN no problem...
    I refused to support VDP when I realized it was case sensitive checking DNS entries in the installer... I felt my skills would be more effective elsewhere.

    When I was first hired I felt that I was in a proper senior role and among peers enabled to do whatever it took to provide excellent support to the customers. We even had weekly catered lunches. I had a lot of pride in working for the company. It was good until some leadership changes.

    When I left, they weren't back-filling the attrition and the customer support experience seemed to be taking a back seat to cost cutting. They eventually closed the entire support center after pulling the "you guys will be the Center of Excellence" routine forcing everyone to be trained in the most complex products while increasing case volume. Many good people left or burned out before they packaged people out or were offered work from home.

    There are a lot of former VMware employees. We had an engineering page that tracked seniority based on account creations; after 2 years I had more seniority than 1/2 the employee base.

  26. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Go back to PUBG faggot bitch.

    Agree about the illegal aliens though. FTATH

  27. Re: I used to work at vmware. Criminal engineering by Anonymous Coward · · Score: 0

    Check this shit out fuck ass fuck face.

    https://esxi-patches.v-front.d...

    https://esxi-patches.v-front.d...

    Then READ the fucking bulletins fuck shit bag.

    This software is fucking shit.