VMware Releases Critical ESX(i) 3.5, 4.x and 5.0 Patches

On May 3rd, 2012 VMware released some very critical security patches for many versions of ESX/ESXi, (3.5, 4.0, 4.1, 5.0), Workstation and Player. This updates bring the ESXi 4.1 build up to 702113 and ESXi 5.0 up to 702118. Given that you can potentially cause mayhem from inside a guest VM, this is one patch I would roll out ASAP after adequate testing. Remember that you can always manually download patches from here if your VUM server isn’t connected to the internet. You can manually import the patch into an air-gapped VUM instance and patch your hosts.

For a complete guide of security updates, check out this VMware KB article. If you work in a very security conscious environment and want to build a custom ESXi 5.0 installation ISO with the security patch baked in, check out my article here. Although that article is tailored for Cisco UCS servers, you can just skip injecting the UCS drivers and build a new base image with the most current published baseline.

Bulletin summary:

ESXi NFS traffic parsing vulnerability
Due to a flaw in the handling of NFS traffic it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi host without authentication. The issue is not present in cases where there is no NFS traffic.

VMware floppy device out-of-bounds memory write
Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.

Due to a flaw in the SCSI device registration it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.