Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Security Response to CAN-2004-0230: Audit Warns of Possible Denial of Service Vulnerability (1535)

Details

A security software audit warns that an ESX Server machine may have the security vulnerability described at:

cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0230.

How can I protect the server? Does VMware have a fix for this?

Solution

TCP implementations that use a large window size make it easier for remote attackers to guess sequence numbers that fall within the window. An attacker could potentially supply an acceptable sequence number, along with a forged source IP and TCP port, to inject a TCP RST or SYN packet into the data stream. Used successfully, this could result in a denial of service attack.

For clients accessing TCP services on an ESX Server machine — such as the VMware Management Interface — this could mean an inability to use the service, due to recurrent connection losses. Virtual machines would continue to run under these circumstances.

VMware has no plans to fix this at the present time, as it is not a serious security threat. If you notice frequent unexplained loss of connections to your ESX Server machine, VMware recommends you use intrusion detection software.

For links to other VMware security articles, refer to www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1107.

Keywords

1535; urlz; alertz; Nessus; 12213

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: