The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)
View by Article ID
VMware ESXi 3.5 Patch ESXe350-201302403-C-SG: Updates VI Client (2042545)
Details
Release date: February 21, 2013
Download Size
236.3 MB
Download Filename
ESXe350-201302401-O-SG.zip
md5sum
a2c5f49bc865625b3796c41c202d1696
sha1sum
12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee
Note: The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.
Product
ESXi 3.5
Build Information
988599
Patch Classification
Security
Virtual Machine Migration or Reboot Required
No
Host Reboot Required
No
PRs Fixed
983827
Affected Hardware
N/A
Affected Software
N/A
Related CVE numbers
CVE-2013-1405
Solution
Summaries and Symptoms
This patch resolves a vulnerability with the vSphere Client in its handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince vSphere Client to interact with a malicious server. Exploitation of this issue might lead to code execution on the system where the vSphere Client is installed. To reduce the possibility of exploitation, deploy the vSphere Client in an isolated management network.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table, above.
Patch Download and Installation
Note: All virtual machines on the ESXi host must be either shut down or migrated using vMotion before applying the patch. You must reboot the ESXi host after applying this patch.
The typical way to apply patches to ESXi hosts is through the vCenter Update Manager. See the vCenter Update Manager Administration Guide.
