Summary
Updates for VMware ESXi address several security issues.
Solution
Apply the missing patch(es).
Insight
a. VMware ESXi and ESX NFC NULL pointer dereference
VMware ESXi and ESX contain a NULL pointer dereference in the handling of Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.
b. VMware VMX process denial of service vulnerability
Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process, resulting in a partial denial of service on the host.
Affected
VMware ESXi 5.1 Build < 1483097
VMware ESXi 5.0 Build < 1311177
Detection
Check the build number.
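The build-number check described above, carried out over a host inventory, as an added example (not part of the original advisory or of any scanner's own code). It assumes the banner format printed by `vmware -v` on an ESXi host; the function names, host names and sample banners are constructed for illustration.

```python
import re

# Fixed-build thresholds taken from the "Affected" list on this page:
# a host on the given release line is affected when its build is lower.
FIXED_BUILDS = {"5.1": 1483097, "5.0": 1311177}

# Assumed banner shape, as printed by `vmware -v` on an ESXi host,
# e.g. "VMware ESXi 5.1.0 build-799733".
BANNER_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)(?:\.\d+)* build-(\d+)")


def classify(banner):
    """Return 'affected', 'patched', 'not-listed' or 'unparsed' for one banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        return "unparsed"  # keep for manual follow-up, never assume patched
    release = f"{m.group(1)}.{m.group(2)}"
    # Compare builds as integers: as strings, "799733" sorts after "1483097".
    build = int(m.group(3))
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "not-listed"  # release line not covered by this page
    return "affected" if build < fixed else "patched"


def audit(inventory):
    """Map host name -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "esx-a": "VMware ESXi 5.1.0 build-799733",
    "esx-b": "VMware ESXi 5.1.0 build-1483097",
    "esx-c": "VMware ESXi 5.0.0 build-1311175",
    "esx-d": "VMware ESXi 5.5.0 build-1331820",
    "esx-e": "connection timed out",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` or `not-listed` need a manual check rather than being counted as patched.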
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1207, CVE-2014-1208
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P