6.8 - VMSA-2014-0001

a. VMware ESXi and ESX NFC NULL pointer dereference

VMware ESXi and ESX contain a NULL pointer dereference in the handling of the Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service.

To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.

VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1207 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server any any not affected

hosted* any any not affected

ESXi 5.5 ESXi not affected ESXi 5.1 ESXi ESXi510-201401101-SG ESXi 5.0 ESXi ESXi500-201310101-SG ESXi 4.1 ESXi ESXi410-201312401-SG ESXi 4.0 ESXi ESXi400-201310401-SG

ESX 4.1 ESX ESX410-201312401-SG ESX 4.0 ESX ESX400-201310401-SG

* hosted products are VMware Workstation, Player and Fusion.

b. VMware VMX process denial of service vulnerability

Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process resulting in a partial denial of service on the host.

VMware would like to thank Recurity Labs GmbH and the Bundesamt Sicherheit in der Informationstechnik (BSI) for reporting this issue to us

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1208 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server any any not affected

Workstation 10.0 any not affected Workstation 9.0 any 9.0.1 or later

Player 6.0 any not affected Player 5.0 any 5.0.1 or later

Fusion 6.0 Mac OS/X not affected Fusion 5.0 Mac OS/X 5.0.1 or later

ESXi 5.5 ESXi not affected ESXi 5.1 ESXi ESXi510-201401101-SG ESXi 5.0 ESXi ESXi500-201310101-SG ESXi 4.1 ESXi ESXi410-201312401-SG ESXi 4.0 ESXi ESXi400-201310401-SG

ESX 4.1 ESX ESX410-201312401-SG ESX 4.0 ESX ESX410-201312401-SG

c. VMware vCloud Director Cross Site Request Forgery (CSRF)

VMware vCloud Director contains a vulnerability in the Hyper Text Transfer Protocol (http) session management. An attacker may trick an authenticated user to click a malicious link, which would result in the user being logged out. The user is able to immediately log back into the system.

VMware would like to thank Mattia Folador for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1211 to this issue.