VMware last week warned users to patch some of its most popular virtualisation and cloud management products or be at risk of denial-of-service attacks. Vulnerable products include the ESX and ESXi hypervisors and management platforms including vCenter Server Appliance and vSphere Update Manager.
To exploit the vulnerability, an attacker would have to intercept and modify management traffic. If successful, the hacker would compromise the hostd-VMDBs, which would lead to a denial of service for parts of the program.
VMware released a series of patches that resolve the issue. More information about the vulnerability and links to download the patches can be found here.
The vulnerability exists in vCenter 5.0 versions before update 3, and in ESX versions 4.0, 4.1 and 5.0 and ESXi versions 4.0 and 4.1 unless they have the latest patches.
Users can also reduce the likelihood of the vulnerability causing a problem by running vSphere components on an isolated management network to ensure that traffic does not get intercepted.