Security Response to CAN-2004-0415: 2.4 Linux Kernel Kernel Memory Vulnerability (1431)

Details

A security software audit warns that an ESX Server machine may have the security vulnerability described at:

cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0415

How can I protect the server? Does VMware have a fix for this?

Solution

This vulnerability affects Linux 2.4 kernels in general. It applies to ESX Server because the VMware Service Console is based on the Linux 2.4 kernel.

The Linux kernel fails to validate 64-bit file pointers properly, allowing an attacker to access kernel memory. This could allow an attacker to read sensitive data, such as cached passwords.

VMware has addressed this vulnerability as of ESX Server 2.5. VMware also provides updates for ESX 2.1.x, 2.0.x and 1.5.2 in the following security updates:
