Security updates for VMWare-ESX
VMWare has released a security update for ESX-Server 3.5 to close a vulnerability in its Kerberos implementation. An input validation flaw in ASN.1 decoding function asn1_decode_generaltime
meant that attackers could remotely crash the service or potentially inject and execute code.
Versions 4.0, 3.0.3, 3.0.2 and 2.5.5 are also vulnerable, but a patch for those versions is still in development. Kerberos is not activated by default in ESX server.
See also:
- VMSA-2009-0008 ESX Service Console update for krb5, VMWare advisory
(djwm)