VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)
Medium Nessus Plugin ID 87673
SynopsisThe remote VMware ESX / ESXi host is missing a security-related patch.
DescriptionThe remote VMware ESX / ESXi host is affected by multiple denial of service vulnerabilities :
- A denial of service vulnerability exists due to a NULL pointer deference flaw when handling Network File Copy (NFC) traffic. An unauthenticated, remote attacker can exploit this by intercepting and modifying the traffic between the ESX / ESXi host and the client.
- A flaw exists due to improper handling of invalid ports. An unauthenticated attacker on an adjacent network can exploit this to cause VMX processing to fail, resulting in a partial denial of service.
SolutionApply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 / 5.1.