14 DAY TRIAL // VMware has updated VMware ESXi and ESX to fix a Network File Copy (NFC) protocol unhandled exception vulnerability (CVE-2013-1661) that can be leveraged for a denial-of-service (DOS) attack.
“VMware ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service,” reads the advisory published on Thursday by VMWare.
ESXi versions 4.0, 4.1, 5.0 and 5.1, and ESX versions 4.0 and 4.0 are impacted by the issue. vCenter Server, VMware Workstation, Player, ACE and Fusion are not affected.
Alex Chapman of Context Information has been credited for identifying and reporting the security hole.
The patches are available on VMware’s website.