VMware DoS Security Update

Monday, November 19, 2012 @ 12:11 PM gHale


VMware shipped a security update for its vSphere API that resolves a denial of service (DoS) vulnerability in ESX and ESXi and adds a number of open source security updates to the ESX Service Console.

The virtualization software provider’s patch affects the following releases: VMware ESXi 4.1 without patch ESXi410-201211401-SG and VMware ESX 4.1 without patches ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, and ESX410-201211407-SG.

The advisory addresses an issue in VMware’s vSphere API that, if unpatched, could give unauthenticated users the ability to send maliciously crafted API requests and disable the host daemon.

A successful exploit would hinder management activities but would not affect virtual machines running on the host.

There are further details about the other vulnerabilities, found by Sebastián Tullo of Core Security Technologies, that VMware fixed in the shipment, including one that resolves a certificate trust issue caused by last year’s breach at DigiNotar.


