Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

VMware ESXi 4.0, Patch ESXi400-201302403-SG: Updates vSphere Client (2042533)

Details

Release date: February 07, 2013

Patch Classification Security
See KB 2014447 if using Update Manager 5.0
Build For build information, see KB 2041344.
Host Reboot Required No
Virtual Machine Migration or Shutdown Required No
PRs Fixed 975539
Affected Hardware N/A
Affected Software N/A
Related CVE numbers CVE-2013-1405


Solution

Summaries and Symptoms

This patch resolves a vulnerability related to the manner in which the vSphere Client handles the management authentication protocol. To exploit this vulnerability, an attacker must convince the vSphere Client to interact with a malicious server. Exploitation of this issue might lead to code execution on the system where the vSphere Client is installed.
To reduce the possibility of exploitation, deploy the vSphere Client in an isolated management network.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table above.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the VMware vCenter Update Manager Administration Guide.

ESXi hosts can also be updated using vSphere Host Update Utility or by manually downloading the patch ZIP file from the VMware download page and installing the bulletin by using the vihostupdate command through the vSphere CLI. For details, see the vSphere CLI Installation and Reference Guide and the vSphere Upgrade Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: