VMware security updates – 29th Mar 2019

Synopsis: Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.

In software development, time of check to time of use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.
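The check-to-use gap described above, as an added example in C; it is not taken from the VMware advisories or from any affected product. The function names, the `repoint` hook that models a change between check and use, and the temporary files are all constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static char other[64];                        /* constructed second file */
typedef int (*change_fn)(const char *path);   /* models a change between check and use */

/* Racy: check by name (lstat), then use by name (open): two separate lookups. */
int open_regular_racy(const char *path, change_fn between) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* time of check */
    if (between && between(path) != 0) return -1;                 /* state changes */
    return open(path, O_RDONLY);                                  /* time of use */
}

/* Hardened: open once (no symlink following, no blocking on FIFOs), then
 * check the object the descriptor refers to, not the name. */
int open_regular_safe(const char *path, change_fn between) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (between && between(path) != 0) { close(fd); return -1; }
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}
/* Constructed change: the checked name is re-pointed at the other file. */
static int repoint(const char *path) {
    return unlink(path) != 0 ? -1 : symlink(other, path);
}
static int put(const char *p, char c) {       /* write a one-byte marker file */
    int fd = open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    int ok = fd >= 0 && write(fd, &c, 1) == 1;
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}
/* Returns the byte read: 'A' = the file that was checked, 'B' = the other file. */
int run_scenario(int use_safe) {
    char dir[] = "/tmp/toctou-XXXXXX", path[64], got = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/checked", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (put(path, 'A') != 0 || put(other, 'B') != 0) return -1;
    int fd = use_safe ? open_regular_safe(path, repoint) : open_regular_racy(path, repoint);
    if (fd < 0 || read(fd, &got, 1) != 1) got = 0;
    if (fd >= 0) close(fd);
    unlink(path); unlink(other); rmdir(dir);
    return got;
}
```

With the racy opener the data read comes from a file that was never checked; with the hardened opener the check and the read apply to the same open descriptor.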

Out-of-Bounds Read: The program reads data from outside the bounds of allocated memory. Buffer overflow is probably the best-known form of software security vulnerability.

Current Status: VMware has addressed the above issues in its products. For more details, please refer to the URLs below:

vCloud Director SP – https://www.vmware.com/security/advisories/VMSA-2019-0004.html

ESXi, Workstation and Fusion – https://www.vmware.com/security/advisories/VMSA-2019-0005.html