You are here

T-572: VMware ESX/ESXi SLPD denial of service vulnerability

March 8, 2011 - 3:05pm



A vulnerability was reported in VMware ESX. A remote user can cause denial of service conditions.


ESX/ESXi 4.0, 4.1


VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

reference LINKS:

VMware Security Advisory: VMSA-2011-0004
VMware vSphere 4
VMware ESXi 4.1 Update




A remote user can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.A remote user can consume excessive CPU resources.


The vendor has issued a fix.
ESXi 4.1 Update 1 can be configured to boot with Intel Trusted Execution Technology (TXT). This boot option can protect ESXi in some cases where system binaries are corrupted or have been tampered with. TXT is currently available on Intel Xeon processor 5600 series servers.
KB 1033811

ESXi 4.1 Update 1 supports up to 160 logical processors.

ESXi 4.1 Update 1 includes the 3ware SCSI and Neterion vxge drivers. ESXi 4.1 Update 1 provides support for RHEL 6, RHEL 5.6, SLES 11 SP1 for VMware, Ubuntu 10.10, and Solaris 10 Update 9 guest operating systems.
VMware Compatibility Guide

VMware vSphere Compatibility Matrixes
VMware vSphere Compatibility