VMWare ESX/ESXi Security Advisory

Published: 2013-12-23. Last Updated: 2013-12-23 04:26:20 UTC
by Scott Fendley (Version: 1)
1 comment(s)

On Sunday, VMWare released a security advisory VMSA-2013-0016 and involves the ESX (versions 4.0 & 4.1) and ESXi (versions 4.0 through 5.5) products.  A vulnerability exists within the products which could allow an unpriviledged vCenter user to arbitrarily have read or write access to files. Removing the "Add Existing Disk" permission or limiting the number of vCenter users with this priviledge can reduce the risk of exploitation until updates can be applied.   More details are available at the VMWare Security Advisory page located at http://www.vmware.com/security/advisories/VMSA-2013-0016.html

--

Scott Fendley
ISC Handler

Keywords: esx ESXi vCenter vmware VMware Advisory
1 comment(s)

Comments

For more detailed information, we released a whitepaper describing this vulnerability a while ago: http://www.insinuator.net/2013/02/vmdk-has-left-the-building-newsletter/

Anonymous

Dec 23rd 2013
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives