VMware ESXi 3.5, Patch ESXe350-201205401-I-SG: Updates Firmware (2019538)
Details
Release date: May 3, 2012
Download Size: 237.3 MB (ESXe350-201205401-O-SG.zip)
md5sum: e2f017e7ef9a1c0ed5e70dbc97ec62d3
sha1sum: 8dab4731acd4e257cc1701aa0a88373727a9e3ae
| Product | ESXi 3.5 |
| Build Information | 702112 |
| Patch Classification | Security |
| Virtual Machine Migration or Shutdown Required | Yes |
| Host Reboot Required | Yes |
| PRs Fixed | 856311, 859908, 8664124, 871711 |
| Affected Hardware | N/A |
| Affected Software | N/A |
| Related CVE numbers | CVE-2012-1516, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450 |
Solution
Summaries and Symptoms
This patch contains fixes for the following security issues:
VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1516 to this issue.
The following paragraphs detail workarounds and mitigating controls that might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.
Workaround: Configure virtual machines to use less than 4 GB of memory. Virtual machines that have less than 4 GB of memory are not affected.
Mitigation: Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue.
ESXi NFS traffic parsing vulnerability
Due to a flaw in the handling of NFS traffic it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi host without authentication. The issue is not present in cases where there is no NFS traffic.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2448 to this issue.
The following paragraphs detail workarounds and mitigating controls that might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.
Workaround: None identified.
Mitigation:
- Connect only to trusted NFS servers.
- Segregate the NFS network.
- Harden your NFS server.
Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2449 to this issue.
The following paragraphs detail workarounds and mitigating controls that might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.
Workaround: Remove the virtual floppy device from the list of virtual I/O devices. The VMware hardening guides recommend removing unused virtual I/O devices in general.
Mitigation: Do not allow untrusted root users access to your virtual machines. Root or Administrator level permissions are required to exploit this vulnerability.
Due to a flaw in the SCSI device registration it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2450 to this issue.
The following paragraphs detail workarounds and mitigating controls that might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.
Workaround: Remove the virtual SCSI controller from the list of virtual I/O devices. The VMware hardening guides recommend removing unused virtual I/O devices in general.
Mitigation: Do not allow untrusted root users access to your virtual machines. Root or Administrator level permissions are required to exploit this issue.
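Until the patch is applied, the workarounds for CVE-2012-1516, CVE-2012-2449 and CVE-2012-2450 can be checked per virtual machine. The following is an added example, not VMware code: it audits the text of a `.vmx` configuration file, assuming the usual `memsize` (in MB), `floppyN.present` and `scsiN.present` keys, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not taken from a real host).
SAMPLE_VMX = '''\
displayName = "build-agent-01"
memsize = "8192"
floppy0.present = "TRUE"
floppy0.startConnected = "FALSE"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
ide0:0.present = "TRUE"
'''

LINE_RE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')
# Matches the device/controller itself (scsi0.present), not disks on it (scsi0:0.present).
DEVICE_RE = re.compile(r'^(floppy|scsi)(\d+)\.present$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text):
    """List (cve, key, value) findings where a workaround is not in place."""
    settings = parse_vmx(text)
    findings = []
    # CVE-2012-1516: VMs with less than 4 GB of memory are not affected.
    memsize = settings.get("memsize", "")
    if memsize.isdigit() and int(memsize) >= 4096:
        findings.append(("CVE-2012-1516", "memsize", memsize))
    # CVE-2012-2449 (floppy) / CVE-2012-2450 (SCSI): device still present.
    for key, value in sorted(settings.items()):
        m = DEVICE_RE.match(key)
        if m and value.lower() == "true":
            cve = "CVE-2012-2449" if m.group(1) == "floppy" else "CVE-2012-2450"
            findings.append((cve, key, value))
    return findings


if __name__ == "__main__":
    for cve, key, value in audit_vmx(SAMPLE_VMX):
        print(f"{cve}: {key} = {value}")
```

A finding means the workaround is not in place for that virtual machine; it says nothing about whether the host itself has been patched.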
Patch Download and Installation
Note: All virtual machines on the ESXi host must be either shut down or migrated using vMotion before applying the patch. You must reboot the ESXi host after applying this patch.
- The typical way to apply patches to ESXi hosts is through the vCenter Update Manager. See the vCenter Update Manager Administration Guide.
- You can also update ESXi hosts by downloading the most recent O (offline) patch bundle from http://support.vmware.com/selfsupport/download/ and installing the bundle using VMware Infrastructure Update or by using the vihostupdate command through the Remote Command-Line Interface (RCLI). See the ESX Server 3i Configuration Guide and the ESX Server 3i Embedded Setup Guide or the ESX Server 3i Installable Setup Guide.

