PT-2013-3130 · Vmware · Vmware Esxi+5

Published 2013-02-15 · Updated 2013-02-15 · CVE-2013-1405

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

VMware vCenter Server versions 4.0 through 4.1 before Update 3a
VMware VirtualCenter version 2.5
VMware vSphere Client versions 4.0 through 4.1 before Update 3a
VMware VI-Client version 2.5
VMware ESXi versions 3.5 through 4.1
VMware ESX versions 3.5 through 4.1

Description

The issue is related to the improper implementation of the management authentication protocol in the affected software. This allows remote servers to execute arbitrary code or cause a denial of service due to memory corruption via unspecified vectors.

Recommendations

For VMware vCenter Server versions 4.0 through 4.1 before Update 3a, update to a version that includes Update 3a or later.
For VMware VirtualCenter version 2.5, consider upgrading to a newer version of vCenter Server.
For VMware vSphere Client versions 4.0 through 4.1 before Update 3a, update to a version that includes Update 3a or later.
For VMware VI-Client version 2.5, consider upgrading to a newer version of vSphere Client.
For VMware ESXi versions 3.5 through 4.1, update to a version later than 4.1.
For VMware ESX versions 3.5 through 4.1, update to a version later than 4.1.

Fix

DoS

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-1405

Affected Products

Vmware Vcenter
Vmware Esxi
Vmware Vi-Client
Vmware Virtualcenter
Vmware Vcenter Server
Vmware Vsphere Client