Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - New VMWare Security Advisory InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New VMWare Security Advisory

Published: 2009-07-01
Last Updated: 2009-07-01 07:50:05 UTC
by Bojan Zdrnja (Version: 1)
0 comment(s)

VMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vulnerability allows a remote attacker to cause a DoS or potentially execute arbitrary code on the ESX server.

According to the advisory available at http://lists.vmware.com/pipermail/security-announce/2009/000059.html all ESX versions are affected (ESXi is not affected), however, the Kerberos package is not installed by default.

In any case, I'd like to remind you to firewall and isolate your ESX servers as much as possible.

--
Bojan
 

Keywords: esx vmware
0 comment(s)
Diary Archives