Portal Home > Knowledgebase > VMware Knowledge Base > VMware ESX Server 3.5, Patch ESX350-200805504-SG: Security Update to the Service Console for Cyrus SASL

VMware ESX Server 3.5, Patch ESX350-200805504-SG: Security Update to the Service Console for Cyrus SASL

Details

Release Date: 03 JUNE 2008 
Document Last Updated: 03 JUNE 2008

 

Download Size: 
280 KB 
Download Filename: 
ESX350-200805504-SG.zip 
md5sum: 
4c1b1a8dcb09a636b55c64c290f7de51

Product VersionsESX Server 3.5
Patch ClassificationSecurity
SupersedesNone
RequiresESX350-200805502-BG
Virtual Machine Migration or Reboot RequiredNo
ESX Server Host Reboot RequiredNo
PRs Fixed255470
Affected HardwareN/A
Affected SoftwareCyrus SASL
RPMs Included

cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-15.i386.rpm

Related CVE numbersCVE-2006-1721


Solution

Summaries and Symptoms

This patch includes an updated cyrus-sasl package for the ESX Server service console that corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the server.
 
Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table, above.

Based on VMware KB 1004640


Also Read

Language: