VMware patches ESX, vCenter, vSphere vulnerabilities

VMware last week warned users to patch some of its most popular virtualisation and cloud management products or be at risk of denial-of-service attacks. Vulnerable apps include the ESX and ESXi hypervisors and management platforms including vCenter Server Appliance and vSphere Update Manager.

To exploit the vulnerability, an attacker would have to intercept and modify management traffic. If successful, the attacker would compromise the hostd-VMDBs, which would lead to a denial of service for parts of the program.

VMware released a series of patches that resolve the issue. More information about the vulnerability and links to download the patches can be found here.

The vulnerability exists in vCenter 5.0 versions before update 3, in ESX versions 4.0, 4.1 and 5.0, and in ESXi versions 4.0 and 4.1, unless they have the latest patches.

Users can also reduce the likelihood of the vulnerability causing a problem by running vSphere components on an isolated management network to ensure that traffic does not get intercepted.

Senior Writer Brandon Butler covers cloud computing for Network World and NetworkWorld.com. He can be reached at [email protected] and found on Twitter at @BButlerNWW. Read his Cloud Chronicles here.  
