Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: New VMWare Security Advisory SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New VMWare Security Advisory

VMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vulnerability allows a remote attacker to cause a DoS or potentially execute arbitrary code on the ESX server.

According to the advisory available at http://lists.vmware.com/pipermail/security-announce/2009/000059.html all ESX versions are affected (ESXi is not affected), however, the Kerberos package is not installed by default.

In any case, I'd like to remind you to firewall and isolate your ESX servers as much as possible.

--
Bojan
 

Bojan

392 Posts
ISC Handler
Jul 1st 2009

Sign Up for Free or Log In to start participating in the conversation!