The remote ESXi is missing one or more security-related updates from VMSA-2012-0011.

Summary

VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.

Relevant releases:

- Workstation 8.0.3
- Workstation 7.1.5
- Player 4.0.3
- Player 3.1.5
- Fusion 4.1.2
- ESXi 5.0 without patch ESXi500-201206401-SG
- ESXi 4.1 without patch ESXi410-201206401-SG
- ESXi 4.0 without patch ESXi400-201206401-SG
- ESXi 3.5 without patch ESXe350-201206401-I-SG
- ESX 4.1 without patch ESX410-201206401-SG
- ESX 4.0 without patch ESX400-201206401-SG
- ESX 3.5 without patch ESX350-201206401-SG

Problem Description

a. VMware Host Checkpoint file memory corruption

Input data is not properly validated when loading Checkpoint files. This may allow an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.

VMware would like to thank Thorsten Tüllmann for reporting this issue to us.

Workaround
- None identified

Mitigation
- Do not import virtual machines from untrusted sources.

b. VMware Virtual Machine Remote Device Denial of Service

A device (e.g. CD-ROM, keyboard) that is available to a virtual machine while physically connected to a system that does not run the virtual machine is referred to as a remote device.

Traffic coming from remote virtual devices is incorrectly handled. This may allow an attacker who is capable of manipulating the traffic from a remote virtual device to crash the virtual machine.

Workaround
- None identified

Mitigation
- Users need administrative privileges on the virtual machine in order to attach remote devices.
- Do not attach untrusted remote devices to a virtual machine.

Solution

Apply the missing patch(es).

Updated on 2015-03-25
- VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
- VMSA-2012-0012 VMware ESXi update addresses several security issues.
- VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
- VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
- VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.