CVE-2011-0355 Information

Description

Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b) as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1 does not properly handle dropped packets which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port aka Cisco Bug ID CSCtj17451.

Reference

http://lists.vmware.com/pipermail/security-announce/2011/000118.html http://secunia.com/advisories/43084 http://securityreason.com/securityalert/8090 http://securitytracker.com/id?1025030 http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html http://www.osvdb.org/70837 http://www.securityfocus.com/archive/1/516259/100/0/threaded http://www.securityfocus.com/bid/46247 http://www.vmware.com/security/advisories/VMSA-2011-0002.html http://www.vupen.com/english/advisories/2011/0314 http://www.vupen.com/english/advisories/2011/0315 https://exchange.xforce.ibmcloud.com/vulnerabilities/65217