In association with heise online

01 July 2009, 10:29

Security updates for VMWare-ESX

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMWare has released a security update for ESX-Server 3.5 to close a vulnerability in its Kerberos implementation. An input validation flaw in ASN.1 decoding function asn1_decode_generaltime meant that attackers could remotely crash the service or potentially inject and execute code.

Versions 4.0, 3.0.3, 3.0.2 and 2.5.5 are also vulnerable, but a patch for those versions is still in development. Kerberos is not activated by default in ESX server.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit