VMware releases several updates to solve security issues

VMware released several security fixes to solve issues on various VMware solutions.

One issue is that an attacker can initiate a Denial of Service on the hostd-vmdb service. This service is used in ESX(i) to manage the host from vCenter Server and vSphere Client. If the hostd-vmdb service is attacked, hosts cannot be managed anymore.

VMware advises a best practise is to use a dedicated, logically isolated network for management of ESX(i) hosts. This network should only be accessible from workstations or servers used by IT-management.

Affected versions are ESXi 5.1, 4.1 and 4.0. Also affected are ESX4.1 and 4.0

Other issues are reported in the vSphere Web Client Server as well as in vCenter and Update Manager which uses  Oracle JRE update 1.6.0_51.

More information and download of patches in this VMware post.