VMware patches denial of service vulnerability in its hypervisors

VMware has patched a vulnerability in its hypervisors that could be exploited to help mount a denial of service attack.

Virtualisation company VMware has patched a vulnerability in its hypervisors that could be exploited in a denial of service (DoS) attack.

VMWare's ESX and ESXi hypervisors contain a vulnerability, designated as CVE-2013-1661 by the Common Vulnerabilities and Exposures project, in how they implement the Network File Copy (NFC) protocol.

An unhandled exception when the hypervisors use the NFC protocol could be exploited to help mount a DoS attack. To exploit the vulnerability an attacker would need to intercept and modify NFC traffic between the ESX/ESXi hypervisors and the client machine.

The vulnerability was found in VMware ESXi 5.1 5.0, 4.1 and 4.0 and ESX 4.1 and 4.0. Details of how to patch this flaw can be found in VMware's security advisory.

Further reading about virtualisation security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All