VMware vCenter and ESXi updates address critical security issues.

a. VMware ESXi OpenSLP Remote Code Execution

VMware ESXi contains a double free flaw in OpenSLP’s SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to remotely execute code on the ESXi host.

VMware would like to thank Qinghao Tang of QIHU 360 for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-5177 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.