Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

2011.02.21
Risk: High
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0002 Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi Issue date: 2011-02-07 Updated on: 2011-02-07 (initial release of advisory) CVE numbers: CVE-2011-0355 - ------------------------------------------------------------------------ 1. Summary Updated versions of the Cisco Nexus 1000V virtual switch address a denial of service in VMware ESX/ESXi. 2. Relevant releases The following VMware products could be affected by a denial of service vulnerability that is present in older versions of the Cisco Nexus 1000V virtual switch: - ESXi 4.1 - ESXi 4.0 - ESX 4.1 - ESX 4.0 The following Cisco products have the vulnerability: - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1) 3. Problem Description a. Cisco Nexus 1000V Virtual Ethernet Module denial of service The Cisco Nexus 1000V Virtual Ethernet Module (VEM) is a virtual switch for ESX and ESXi. This switch can be added to ESX and ESXi where it replaces the VMware virtual switch and runs as part of the ESX and ESXi kernel. A flaw in the handling of dropped packets by Cisco Nexus 1000V VEM can cause ESX and ESXi to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0355 to the issue. The issue is addressed by Cisco in the following releases: - Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(4) SV1(4) - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c) For details refer to the release notes of these releases (see section 4 for links). VMware customers are only affected by this vulnerability if they have chosen to deploy the Cisco Nexus 1000V virtual switch as a replacement for the VMware vNetwork Standard Switch or the VMware vNetwork Distributed Switch. VMware has confirmed that the VMware vNetwork Standard Switch and the VMware vNetwork Distributed Switch are not affected by the vulnerability. The issue is documented by Cisco in Cisco bug ID CSCtj17451 (see section 5 for a link). 4. Solution Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(1) SV1(4) --------------------------------------------------------------- Release notes http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s _v_ 1_4/release/notes/n1000v_rn.html Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c) ---------------------------------------------------------------- Release notes http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s _v_ 1_3_c/release/notes/n1000v_rn.html 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0355 Cisco bug ID CSCtj17451 (registered Cisco customers only) http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method =fe tchBugDetails&bugId=CSCtj17451 - ------------------------------------------------------------------------ 6. Change log 2011-02-07 VMSA-2011-0002 Initial security advisory in conjunction with the release of Cisco Nexus 1000V Virtual Ethernet Module 1.3c on 2011-02-04. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFNUNTIS2KysvBH1xkRAk1hAJ9iH1j58lM5KrwVaRYccSN3rWaw/wCePyLP FHYGA7W1DEcKcOFWj7GkuHE= =srWD -----END PGP SIGNATURE-----

References:

http://xforce.iss.net/xforce/xfdb/65217
http://www.vupen.com/english/advisories/2011/0315
http://www.vupen.com/english/advisories/2011/0314
http://www.vmware.com/security/advisories/VMSA-2011-0002.html
http://www.securityfocus.com/bid/46247
http://www.securityfocus.com/archive/1/archive/1/516259/100/0/threaded
http://www.osvdb.org/70837
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html
http://securitytracker.com/id?1025030
http://secunia.com/advisories/43084
http://lists.vmware.com/pipermail/security-announce/2011/000118.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top