Vigil@nce - VMware vCenter Server, vSphere Client, ESX: memory corruption of client authentication
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can setup a malicious sever, and invite VMware vCenter
Server, vSphere Client and ESX clients to connect, in order to
corrupt their memory, which leads to code execution.
– Impacted products: ESX, ESXi, VMware vCenter, VirtualCenter,
VMware vSphere, VMware vSphere Hypervisor
– Severity: 2/4
– Creation date: 01/02/2013
DESCRIPTION OF THE VULNERABILITY
The VMware vCenter Server, vSphere Client and ESX products can
authenticate on a VMware server.
However, if the server returns malicious data, it corrupts the
client’s memory. Technical details are unknown.
An attacker can therefore setup a malicious sever, and invite
VMware vCenter Server, vSphere Client and ESX clients to connect,
in order to corrupt their memory, which leads to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN