Updated versions of the Cisco Nexus 1000V virtual switch address a denial of service in VMware ESX/ESXi.
The following VMware products could be affected by a denial of service vulnerability that is present in older versions of the Cisco Nexus 1000V virtual switch:
a. Cisco Nexus 1000V Virtual Ethernet Module denial of service
The Cisco Nexus 1000V Virtual Ethernet Module (VEM) is a virtual switch for ESX and ESXi. This switch can be added to ESX and ESXi where it replaces the VMware virtual switch and runs as part of the ESX and ESXi kernel.
A flaw in the handling of dropped packets by Cisco Nexus 1000V VEM can cause ESX and ESXi to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0355 to the issue.
The issue is addressed by Cisco in the following releases:
Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(1) SV1(4)
---------------------------------------------------------------
Release notes
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/release/notes/n1000v_rn.html
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c)
----------------------------------------------------------------
Release notes
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html.
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0355
Cisco bug ID CSCtj17451 (registered Cisco customers only)
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj17451
2011-02-07 VMSA-2011-0002
Initial security advisory in conjunction with the release of Cisco Nexus 1000V Virtual Ethernet Module 1.3c on 2011-02-04.
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists: