# Security Fixes

* New: Exception handling privilege escalation on Guest Operating System This release addresses a security vulnerability in exception handling. Improper setting of the exception code on page faults might allow for local privilege escalation on the guest. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2267 to this issue.
* New: Directory Traversal Vulnerability on Linux-based hosts This release addresses a directory traversal vulnerability that is present on host systems and that may allow for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides. The issue is present on Linux-based hosts only, not on Windows-based hosts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3733 to this issue.

# Miscellaneous

* Disk Stress Test fails with data corruption error
WLK DiskStress test fails with data corruption error on LSI Logic virtual device.
* Server 2.0.1 does not allow vmnet-bridge service to be run in the foreground
The vmnet-bridge service has a parameter -d for putting it in daemon mode. Without using the -d parameter, the vmnet-bridge service should be able to run in the foreground. This was not working. This issue is resolved in this release.