You are here

T-572: VMware ESX/ESXi SLPD denial of service vulnerability

March 8, 2011 - 3:05pm

Addthis

PROBLEM:

A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions.

PLATFORM:

ESX/ESXi 4.0, 4.1

ABSTRACT:

VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

reference LINKS:

VMware Security Advisory: VMSA-2011-0004
VMware vSphere 4
VMware ESXi 4.1 Update
CVE-2010-3609

IMPACT ASSESSMENT:

Moderate

Discussion:

A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.

Solution:

The vendor has issued a fix.
ESXi 4.1 Update 1 can be configured to boot with Intel Trusted Execution Technology (TXT). This boot option can protect ESXi in some cases where system binaries are corrupted or have been tampered with. TXT is currently available on Intel Xeon processor 5600 series servers.
KB 1033811
 

ESXi 4.1 Update 1 supports up to 160 logical processors.

ESXi 4.1 Update 1 includes the 3ware SCSI 2.26.08.036vm40 and Neterion vxge 2.0.28.21239-p3.0.1.2 drivers. ESXi 4.1 Update 1 provides support for RHEL 6, RHEL 5.6, SLES 11 SP1 for VMware, Ubuntu 10.10, and Solaris 10 Update 9 guest operating systems.
VMware Compatibility Guide

VMware vSphere Compatibility Matrixes
VMware vSphere Compatibility
 

 

Addthis