Two security vulnerabilities have been discovered in the OpenSSL software package as used by VMware ESX Server and VMware ESXi. OpenSSL implements the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) security protocols and provides basic cryptographic support. The vulnerabilities are caused by an error in the "ssl3_get_key_exchange()" function and by multiple race conditions in the file "ssl/t1_lib.c". They allow an attacker to carry out a DoS attack or execute arbitrary code. Users are advised to install the appropriate update.

VMware ESX Server / ESXi OpenSSL Vulnerabilities
Secunia Advisory 	SA43312 	
Release Date 	2011-02-11

Criticality level 	Moderately critical
Impact 	DoS
System access
Where 	From remote
Solution Status 	Partial Fix
  	 
Operating System	
	VMware ESX Server 3.x
	VMware ESX Server 4.x
	VMware ESXi 3.x
	VMware ESXi 4.x

CVE Reference(s) 	CVE-2010-2939
	CVE-2010-3864
	   	

Description

VMware has acknowledged some vulnerabilities in VMware ESX Server / ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

For more information:
SA40906
SA42243

Solution
Apply patches if available.
Original Advisory
VMSA-2011-0003:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
