Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Security Response to CERT Alert TA04-078A: Installing OpenSSL Patch to Correct CERT Vulnerabilities in VMware GSX Server 2.5.1 (1256)

Details

Is GSX Server 2.5.1 exposed to the OpenSSL denial of service vulnerabilities reported in the following advisories and alerts?



What is VMware's response?

Solution

Both the Linux and Windows versions of VMware GSX Server 2.5.1 Patch 1 build 5336, and all previous GSX Server 2.x.x releases make use of OpenSSL to provide SSL security for VMware Management Interface and VMware Remote Console sessions. On March 17, 2004, an OpenSSL Security Advisory was posted identifying SSL/TLS handshake vulnerabilities that could cause OpenSSL to crash. Such a crash would interrupt GSX Server management interface and remote console sessions.

GSX Server 2.5.1 Patch 1 build 5336 and all previous GSX Server 2.x.x releases use versions of OpenSSL which are subject to the vulnerabilities described in the links to the above advisories. VMware highly recommends you upgrade to version GSX Server 2.5.2, which uses OpenSSL version 0.9.7d. This version of OpenSSL has fixes for the above vulnerabilities.

If you are a VMware GSX Server customer with an active product support and subscription service, you can download GSX Server 2.5.2 from the download section of the VMware Web site. Go to www.vmware.com/download/ and look under Previous Versions.

VMware GSX Server 3.0.0 build 7592 uses a version of OpenSSL subject to the vulnerabilities linked above. See Knowledge Base article 1257 at www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257 for instructions on applying the patch to that version.

VMware GSX Server 1.0.x does not use OpenSSL and is therefore not subject to the above vulnerabilities.

Keywords

alertz; 1256; urlz

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: