SFCB Authentication Flaw may be introduced by the ESXi 4.1 Update Installer (1031761)

Details

Under certain conditions, the ESXi 4.1 installer that upgrades an ESXi 3.5 or ESXi 4.0 host to ESXi 4.1 incorrectly handles the SFCB authentication mode. As a result, SFCB authentication could allow login with any username and password combination.

An ESXi 4.1 host is affected if all of the following apply:
  • ESXi 4.1 was upgraded from ESXi 3.5 or ESXi 4.0.
  • The SFCB configuration file /etc/sfcb/sfcb.cfg was modified prior to the upgrade.
  • The sfcbd daemon is running (sfcbd runs by default).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4573 to this issue.

To verify whether your deployment of ESX 4.1 is affected:
  1. Log in to your ESXi 4.1 host using Tech Support mode as described in Using Tech Support Mode in ESXi 4.1 (KB 1017910).
  2. Open /etc/sfcb/sfcb.cfg.
  3. Find the line with basicAuthLib. Your deployment of ESX 4.1 is affected if the line reads basicAuthLib: sfcBasicAuthentication. Your system is not affected if the value for the parameter is listed as sfcBasicPAMAuthentication.


Solution

VMware is preparing a resolution for this issue. In the meantime, correct the issue on ESXi 4.1 as follows:
  1. Log in to your ESXi 4.1 host using Tech Support mode as described in Using Tech Support Mode in ESXi 4.1 (KB 1017910).
  2. Open /etc/sfcb/sfcb.cfg in a text editor.
  3. Find the following line:
    basicAuthLib: sfcBasicAuthentication
  4. Change the line to the following:
    basicAuthLib: sfcBasicPAMAuthentication
  5. Save the changes.
  6. Reboot the system or restart the sfcb service using the following command:
    /etc/init.d/sfcbd-watchdog restart
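
The verification and correction steps above can also be scripted. The following is an added example, not VMware-supplied code: the function names are hypothetical, and it assumes sfcb.cfg holds one "key: value" setting per line, as the basicAuthLib line in this article does.

```shell
#!/bin/sh
# Added example (not VMware code): check and correct basicAuthLib in sfcb.cfg.
# Default path is the one named in this article; pass another path to test.

# Print the value of every non-comment basicAuthLib line, one per line.
sfcb_auth_values() {
    sed -n 's/^[[:space:]]*basicAuthLib[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1"
}

# Print AFFECTED (return 1), NOT_AFFECTED (return 0) or UNKNOWN (return 2).
sfcb_auth_status() {
    cfg=${1:-/etc/sfcb/sfcb.cfg}
    [ -r "$cfg" ] || { echo UNKNOWN; return 2; }
    vals=$(sfcb_auth_values "$cfg")
    # Assumption: if the key appears more than once, any line that selects
    # sfcBasicAuthentication is treated as affected (the conservative reading).
    if echo "$vals" | grep -qx 'sfcBasicAuthentication'; then
        echo AFFECTED; return 1
    elif echo "$vals" | grep -qx 'sfcBasicPAMAuthentication'; then
        echo NOT_AFFECTED; return 0
    fi
    echo UNKNOWN; return 2
}

# Apply steps 3-5 of the Solution: keep a backup as <file>.bak, rewrite the
# weak value, then re-check. The sfcb service must still be restarted
# (step 6); this function does not do that.
sfcb_auth_fix() {
    cfg=${1:-/etc/sfcb/sfcb.cfg}
    cp -p "$cfg" "$cfg.bak" || return 2
    sed 's/^\([[:space:]]*basicAuthLib[[:space:]]*:[[:space:]]*\)sfcBasicAuthentication[[:space:]]*$/\1sfcBasicPAMAuthentication/' \
        "$cfg.bak" > "$cfg" || return 2
    sfcb_auth_status "$cfg"
}

# Demo on a constructed sample file (not a real host configuration).
demo=$(mktemp) && printf 'basicAuthLib: sfcBasicAuthentication\n' > "$demo"
sfcb_auth_status "$demo" || true    # prints AFFECTED
sfcb_auth_fix "$demo" || true       # prints NOT_AFFECTED
rm -f "$demo" "$demo.bak"
```

A result of UNKNOWN means the file is unreadable or has no recognised basicAuthLib value, and the file should then be inspected by hand.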
