VMware vMA and ESX Products krb5 Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 31 May 2010 4448 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in VMware vMA and various ESX products krb5, which could be exploited by attackers to disclose sensitive information, cause a denial of service, or compromise an affected system.

1. Some vulnerabilities are caused due to integer underflows within the AES and RC4 decryption when handling ciphertexts shorter than the minimum expected length.

2. The security issue is caused due to pam_krb5 returning different password prompts depending on whether or not a valid user name is supplied.

Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • VMware ESX Server 2.x
  • VMware ESX Server 3.x
  • VMware vMA 4.x

Solutions

There is no patch available for this vulnerability currently.

Workaround
Restrict access to trusted users only. Filter network access using a firewall. Restrict access to the pam_krb5 password prompt.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Adobe Photoshop CS Multiple Vulnerabilities

28 May 2010 4389 Views

Next

Novell eDirectory Buffer Overflow and Denial of Service Vulnerabilities

4 Jun 2010 4502 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY