JVN#72911629: VMware ESX and ESXi vulnerable to directory traversal

Overview

VMware ESX and ESXi contains a directory traversal vulnerability.

Products Affected

VMware ESXi 5.0 without patch ESXi500-201203101-SG
VMware ESXi 4.1 without patch ESXi410-201201401-SG
VMware ESXi 4.0 without patch ESXi400-201203401-SG

VMware ESX 4.1 without patch ESX410-201201401-SG
VMware ESX 4.0 without patch ESX400-201203401-SG

It has been confirmed that ESX and ESXi 5.1 are not affected.

Description

VMware ESX and ESXi contains a directory traversal vulnerability.

Impact

A remote attacker may delete arbitrary files on the host operating system.

Solution

Apply an Update
Apply the latest update for the version of the software being used.

Vendor Status

Vendor	Status	Last Update	Vendor Notes
VMware, Inc.	vulnerable	2013/09/06

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2013-3658
JVN iPedia	JVNDB-2013-000084

JVN#72911629 VMware ESX and ESXi vulnerable to directory traversal