Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
Solution
Apply the missing patch(es).
Insight
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege
escalation on the host.
c. VMware ESXi, Workstation, and Player Denial of Service vulnerability
VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue
may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be
partial.
d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package
The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues.
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue.
Affected
Mware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1
VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG
Detection
Check the build number
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3660, CVE-2014-8370, CVE-2015-1043, CVE-2015-1044 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)