Seriously, VMware? Two bugs in the week before Christmas?

Bah humbug! VMware's just revealed two nasty bugs that it recommends you fix at your earliest convenience. VMSA-2016-0024 is rated critical because vSphere Data Protection (VDP) turns out to contain “a private SSH key with a known password that is configured to allow key-based authentication.” And what can an attacker do with …

  1. RIBrsiq

    [Looks at setup...]

    I'm not impacted. Good luck with that!

    Oh! And happy holidays, y'all!!

  2. allthecoolshortnamesweretaken

    (singing)

    On the first day of Christmas

    VMware gave to me

    One major bug fix

    Two minor patches

    Three little SNAFUs

    ... and a secret vulnerability!

    1. raving angry loony

      Damn, beat me to the "on the n'th day of Christmas" joke. Meh, yours was better anyway.

  3. Anonymous Coward

    Twas the day before Christmas, all through the software house,

    Not an employee was working, not moving a mouse.

    The bugs were all closed in Jira with care,

    In hopes that 12pm soon would be there.

    .

    The PMs were working from home in their beds,

    While visions of Agile DevOp Cloud-based solutions danced in their heads.

    And the PFY in his baggies, and me with my cap,

    Had just settled our brains for a long morning’s nap.

    .

    When from the server room there arose such a clatter,

    I sat up at my desk to see if it was a disk platter.

    I opened a terminal in a flash,

    entered my user name and cd'd to slash.

    .

    The light from the monitor showing Plesk,

    Dimly lit up the crap on my desk.

    When, what to my wondering eyes should be there,

    But a bunch of exploits and a screen full of ransomware.

    .

    With a little fat dictator, who looks a bit like a dork,

    I knew in a moment it must be Norks.

    Quicker than Java his exploits they came,

    And he whistled, and shouted, and called them by name!

    .

    "Now, VMSA-2016-0024! now, VMSA-2016-0023! now, 0022 and 0021!

    Too many to mention, VMware is never done!

    Break out the buffer! Execute a system() call!

    Now escalate! Escalate! Escalate all!"

    .

    Etc... etc...

  4. fredesmite

    If you saw how sausage was made ...

    You would never eat it.

    Likewise, if you saw how software is released simply to meet some director's calendar date so he gets a bonus ... you wouldn't use it.

    There are scores of known critical defects that never get reported to the outside world.

    1. Anonymous Coward

      Re: If you saw how sausage was made ...

      "If you saw how sausage was made ... You would never eat it."

      I've seen plenty of sausage making - my dad used to work in a sausage factory. Mostly automated in a very clean environment.

      My hunger for sausages hasn't diminished at all!

      Does raw meat offend you?

      1. raving angry loony

        Re: If you saw how sausage was made ...

        "If you saw how sausage was made ... You would never eat it."

        Yeah, I never understood that. My suspicions are triggered when I CAN'T see how the sausage is made. I want to see what went into my damn sausage. I want to know the person making it knew what they were doing. I want to know where the ingredients came from. I want to know that those ingredients weren't mixed with some dead cat found on the road. If I can't see how the sausage is being made then I'm not sure I want it. Which is why I prefer to make my own, but I'll also get some from people I trust.

        Now, are we talking meat sausage, or software sausage?

  5. Anonymous Coward

    Quick thoughts...

    1. VDP is an OEM where that code comes from Avamar.

    2. The host vulnerability is not something that 99.9% of shops should be worried about.
