Published:2013/09/06  Last Updated:2013/09/06

JVN#72911629
VMware ESX and ESXi vulnerable to directory traversal

Overview

VMware ESX and ESXi contains a directory traversal vulnerability.

Products Affected

  • VMware ESXi 5.0 without patch ESXi500-201203101-SG
  • VMware ESXi 4.1 without patch ESXi410-201201401-SG
  • VMware ESXi 4.0 without patch ESXi400-201203401-SG
  • VMware ESX 4.1 without patch ESX410-201201401-SG
  • VMware ESX 4.0 without patch ESX400-201203401-SG
It has been confirmed that ESX and ESXi 5.1 are not affected.

Description

VMware ESX and ESXi contains a directory traversal vulnerability.

Impact

A remote attacker may delete arbitrary files on the host operating system.

Solution

Apply an Update
Apply the latest update for the version of the software being used.

Vendor Status

Vendor Status Last Update Vendor Notes
VMware, Inc. vulnerable 2013/09/06

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2013-3658
JVN iPedia JVNDB-2013-000084