The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.
VMware has updated VMware vCenter Server, ESXi and ESX to address a vulnerability in the Network File Copy (NFC) Protocol. This update also addresses multiple security vulnerabilities in third party libraries used by VirtualCenter, ESX and ESXi. Relevant releases VMware vCenter Server 5.1 prior to 5.1.0b VMware vCenter Server 5.0 prior to 5.0 Update 2 VMware vCenter Server 4.0 prior to Update 4b VMware VirtualCenter 2.5 prior to Update 6c VMware ESXi 5.1 without ESXi510-201212101-SG VMware ESXi 5.0 without ESXi500-201212102-SG VMware ESXi 4.1 without ESXi410-201301401-SG VMware ESXi 4.0 without ESXi400-201302401-SG VMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG VMware ESX 4.1 without ESX410-201301401-SG VMware ESX 4.0 without ESX400-201302401-SG VMware ESX 3.5 without ESX350-201302401-SG Problem Description a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. b. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38 Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012. c. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues. Solution Apply the missing patch(es).
Updated on 2015-03-25
- VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
- VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues
- VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
- VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
- VMSA-2012-0006 VMware ESXi and ESX address several security issues