VMSA-2014-0001 : VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. VMware ESXi and ESX NFC NULL pointer dereference

VMware ESXi and ESX contain a NULL pointer dereference in
the handling of the Network File Copy (NFC) traffic. To
exploit this vulnerability, an attacker must intercept and
modify the NFC traffic between ESXi/ESX and the client.
Exploitation of the issue may lead to a Denial of Service.

To reduce the likelihood of exploitation, vSphere components
should be deployed on an isolated management network.

VMware would like to thank Alex Chapman of Context Information
Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2014-1207 to this issue.

b. VMware VMX process denial of service vulnerability

Due to a flaw in the handling of invalid ports, it is possible
to cause the VMX process to fail. This vulnerability may allow a
guest user to affect the VMX process resulting in a partial denial of
service on the host.

VMware would like to thank Recurity Labs GmbH and the Bundesamt
Sicherheit in der Informationstechnik (BSI) for reporting this
issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2014-1208 to this issue.

c. VMware vCloud Director Cross Site Request Forgery (CSRF)

VMware vCloud Director contains a vulnerability in the Hyper Text
Transfer Protocol (HTTP) session management. An attacker may trick an
authenticated user into clicking a malicious link, which would result
in the user being logged out. The user is able to immediately log back
into the system.

VMware would like to thank Mattia Folador for reporting this issue to
us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2014-1211 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2014/000231.html

Solution :

Apply the missing patch.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 72006

Bugtraq ID: 64993, 64994, 64995

CVE ID: CVE-2014-1207, CVE-2014-1208, CVE-2014-1211