Release date:
Updated on:
Affected Systems:
VMWare ESX 5.0
VMWare ESX 4.1
VMWare ESX 4.0
VMWare ESXi 1, 4.1
VMWare ESXi 1, 4.0
VMWare ESXi 1, 3.5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57666
CVE (CAN) ID: CVE-2013-1405
VMware vSphere Is A virtualization platform for building cloud architectures.
VMware vSphere encounters an error when processing the management authentication protocol, which can cause memory corruption and execute arbitrary code. To exploit this vulnerability, you must cheat vCenter Server and vSphere Client as clients to interact with malicious servers.
<* Source: vendor
Link: http://secunia.com/advisories/52047/
Http://www.vmware.com/security/advisories/VMSA-2013-0001.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VMWare
------
VMWare has released a Security Bulletin (VMSA-2013-0001) and patches for this:
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
Link: http://www.vmware.com/security/advisories/VMSA-2013-0001.html