01 July 2009, 10:29
Security updates for VMWare-ESX
VMWare has released a security update for ESX-Server 3.5 to close a vulnerability in its Kerberos implementation. An input validation flaw in ASN.1 decoding function asn1_decode_generaltime meant that attackers could remotely crash the service or potentially inject and execute code.
Versions 4.0, 3.0.3, 3.0.2 and 2.5.5 are also vulnerable, but a patch for those versions is still in development. Kerberos is not activated by default in ESX server.
See also:
- VMSA-2009-0008 ESX Service Console update for krb5, VMWare advisory
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-742287
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
