Published:2013/09/06 Last Updated:2013/09/06
JVN#19847770
VMware ESX and ESXi vulnerable to buffer overflow
Overview
VMware ESX and ESXi contains a buffer overflow vulnerability.
Products Affected
- VMware ESXi 5.0 without patch ESXi500-201203101-SG
- VMware ESXi 4.1 without patch ESXi410-201201401-SG
- VMware ESXi 4.0 without patch ESXi400-201203401-SG
- VMware ESX 4.1 without patch ESX410-201201401-SG
- VMware ESX 4.0 without patch ESX400-201203401-SG
It has been confirmed that ESX and ESXi version 5.1 are not affected.
Description
VMware ESX and ESXi contains a buffer overflow vulnerability.
Impact
A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code.
Solution
Apply an Update
Apply the latest update for the version of the software being used.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-3657 |
| JVN iPedia |
JVNDB-2013-000085 |