Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
Solution
Apply the missing patch(es).
Insight
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation of this issue may allow for privilege
escalation on the host.
c. VMware ESXi, Workstation, and Player Denial of Service vulnerability
VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue
may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be
partial.
d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package
The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues.
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue.
Affected
VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1
VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3660, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
- VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
- VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
- VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- VMSA-2013-0002 VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability