Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New VMWare Security Advisory SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New VMWare Security Advisory

VMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vulnerability allows a remote attacker to cause a DoS or potentially execute arbitrary code on the ESX server.

According to the advisory available at http://lists.vmware.com/pipermail/security-announce/2009/000059.html all ESX versions are affected (ESXi is not affected), however, the Kerberos package is not installed by default.

In any case, I'd like to remind you to firewall and isolate your ESX servers as much as possible.

--
Bojan
 

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Northern VA - Reston Spring 2020

Bojan

390 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!