VMware security update

VMware issued a security advisory for 3 CVEs today:

Excerpt of announcement:

VMSA-2015-0007
VMware vCenter and ESXi updates address critical security issues.
Advisory ID: VMSA-2015-0007
Updated on: 2015-10-01 (Initial Advisory)
CVE numbers: CVE-2015-5177 CVE-2015-2342 CVE-2015-1047

1) VMware ESXi contains a double free flaw in OpenSLP’s SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host. VMware would like to thank Qinghao Tang of QIHU 360 for reporting this issue to us.

2) VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able to use it to execute arbitrary code on the vCenter server. VMware would like to thank Doug McLeod of 7 Elements Ltd and an anonymous researcher working through HP’s Zero Day Initiative for reporting this issue to us.

3) VMware vCenter Server does not properly sanitize long heartbeat messages. Exploitation of this issue may allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service. VMware would like to thank the Google Security Team for reporting this issue to us.

More Information:

https://www.vmware.com/go/download-vsphere
https://www.vmware.com/patchmgr/findPatch.portal
http://kb.vmware.com/kb/2110247
http://kb.vmware.com/kb/2114875
http://kb.vmware.com/kb/2120209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047
http://www.vmware.com/security/advisories
http://kb.vmware.com/kb/2078735
https://www.vmware.com/security/advisories/VMSA-2015-0007
