VMSA-2014-0001 VMware ESXi Address Several Security Issues (remote Check). Network Vulnerability

Summary

VMware ESXi address several security issues.

Solution

Apply the missing patch(es).

Insight

a. VMware ESXi and ESX NFC NULL pointer dereference VMware ESXi and ESX contain a NULL pointer dereference in the handling of the Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. b. VMware VMX process denial of service vulnerability Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process resulting in a partial denial of service on the host.

Affected

VMware ESXi 5.1 Build < 1483097 VMware ESXi 5.0 Build < 1311177

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2014-0001.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1207, CVE-2014-1208
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

VMSA-2014-0001 VMware ESXi address several security issues (remote check).

Take action and discover your vulnerabilities