VMware Reissues vCenter Server Patch

VMware on Friday updated a security advisory after it discovered a patch issued in October for a remote code execution flaw in VMware vCenter Server was incomplete.

VMware on Saturday reissued a patch from October that incompletely addressed a critically rated remote code execution vulnerability in vCenter Server.

The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers connect to the service and use it to run code on the server; versions 5.5, 5.1 and 5.0 are affected, VMware said. VCenter Server is used by organizations to manage their virtual server environments.

Friday’s advisory from VMware said that the original patch for CVE-2015-2342 was incomplete, and an additional patch is required.

VMware said that Windows Firewall mitigates the vulnerability as well.

“Even if the Windows Firewall is enabled, users are advised to install the additional patch in order to remove the local privilege elevation,” VMware said.

The original update also patched a remote code execution double free vulnerability in VMware ESXi OpenSLP’s SLPDProcessMessage() function, and a denial-of-service flaw in vCenter Server’s vpxd. The server did not sanitize long heartbeat messages, which allowed unauthenticated attackers to crash the server.

Suggested articles