VMware has released a patch for a serious flaw in the company's flagship ESX software, which could enable an attacker to cause a denial of service or run arbitrary code on a vulnerable server. The flaw is not in the Kerberos protocol itself but in the MIT Kerberos 5 library that ships with ESX; Kerberos authentication is not enabled by default, so only hosts where an administrator has turned it on expose the affected code to the network.
VMware ESX is the company's main server virtualization offering. ESX 3.5.0 is affected, and the issue is resolved by installing the updated package that VMware has released.
“An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer or, possibly, execute arbitrary code with the privileges of the user running the service,” VMware said in its advisory.
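The advisory describes a bug class rather than a protocol weakness: a decoder hits an error on malformed DER input and, on its way out, frees a local pointer that was never assigned. The toy decoder below is an added example written for this article, not MIT Kerberos code and not a reproduction of asn1_decode_generaltime; the function names, the error codes, and the sample encodings are all constructed here. It shows a vulnerable shape beside the one-line fix, with the DER GeneralizedTime layout Kerberos uses (tag 0x18, a 15-byte "YYYYMMDDHHMMSSZ" body) as the input being validated.

```c
/* Added example: a toy DER GeneralizedTime decoder written to show the bug
 * class in the advisory (a pointer freed on an error path before it was ever
 * assigned). Not MIT Kerberos code; names and inputs are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_GENERALIZEDTIME 0x18
#define GT_LEN 15 /* Kerberos-style GeneralizedTime: "YYYYMMDDHHMMSSZ" */

enum { GT_OK = 0, GT_BAD_TAG, GT_BAD_LEN, GT_BAD_CHAR, GT_NOMEM };

/* Body check shared by both decoders: 14 ASCII digits followed by 'Z'. */
static int body_ok(const uint8_t *p) {
    for (int i = 0; i < GT_LEN - 1; i++)
        if (p[i] < '0' || p[i] > '9') return 0;
    return p[GT_LEN - 1] == 'Z';
}

/* Vulnerable shape. `s` is assigned only after all checks pass, but a single
 * cleanup label frees it on every error. The bogus initial value stands in
 * for whatever stale bytes an uninitialized local holds, so a wrong tag makes
 * free() run on garbage. Never call this with malformed input. */
int decode_generaltime_vuln(const uint8_t *der, size_t len, char **out) {
    char *s = (char *)(uintptr_t)0x1; /* models an uninitialized pointer */
    int err;
    *out = NULL;
    if (len < 2 || der[0] != TAG_GENERALIZEDTIME) { err = GT_BAD_TAG;  goto cleanup; }
    if (der[1] != GT_LEN || len != 2 + GT_LEN)    { err = GT_BAD_LEN;  goto cleanup; }
    if (!body_ok(der + 2))                        { err = GT_BAD_CHAR; goto cleanup; }
    s = malloc(GT_LEN + 1);
    if (s == NULL)                                { err = GT_NOMEM;   goto cleanup; }
    memcpy(s, der + 2, GT_LEN);
    s[GT_LEN] = '\0';
    *out = s;
    return GT_OK;
cleanup:
    free(s); /* GT_BAD_TAG, GT_BAD_LEN, GT_BAD_CHAR reach here with s unassigned */
    return err;
}

/* Fixed shape: identical logic, but the pointer starts as NULL, so the shared
 * cleanup's free() is a harmless no-op until the allocation has succeeded. */
int decode_generaltime_fixed(const uint8_t *der, size_t len, char **out) {
    char *s = NULL; /* the fix */
    int err;
    *out = NULL;
    if (len < 2 || der[0] != TAG_GENERALIZEDTIME) { err = GT_BAD_TAG;  goto cleanup; }
    if (der[1] != GT_LEN || len != 2 + GT_LEN)    { err = GT_BAD_LEN;  goto cleanup; }
    if (!body_ok(der + 2))                        { err = GT_BAD_CHAR; goto cleanup; }
    s = malloc(GT_LEN + 1);
    if (s == NULL)                                { err = GT_NOMEM;   goto cleanup; }
    memcpy(s, der + 2, GT_LEN);
    s[GT_LEN] = '\0';
    *out = s;
    return GT_OK;
cleanup:
    free(s);
    return err;
}

/* Constructed sample encodings (not captured traffic). */
static const uint8_t GT_GOOD[]    = {0x18, 0x0f, '2','0','0','7','1','2','0','5','1','2','3','4','5','6','Z'};
static const uint8_t GT_BADTAG[]  = {0x17, 0x0f, '2','0','0','7','1','2','0','5','1','2','3','4','5','6','Z'};
static const uint8_t GT_SHORT[]   = {0x18, 0x0f, '2','0','0','7'}; /* length byte says 15, 4 follow */
static const uint8_t GT_BADCHAR[] = {0x18, 0x0f, '2','0','0','7','1','2','0','5','1','2','3','4','5','6','X'};

typedef int (*gt_decoder)(const uint8_t *, size_t, char **);

/* Run a decoder and return its code; on success also compare the decoded
 * string with `expect` (-1 on mismatch) and release the allocation. */
int run_decoder(gt_decoder fn, const uint8_t *der, size_t len, const char *expect) {
    char *s = NULL;
    int rc = fn(der, len, &s);
    if (rc == GT_OK) {
        if (expect == NULL || strcmp(s, expect) != 0) rc = -1;
        free(s);
    }
    return rc;
}

int main(void) {
    printf("vuln, well-formed:   %d\n", run_decoder(decode_generaltime_vuln,  GT_GOOD,    sizeof GT_GOOD,    "20071205123456Z"));
    printf("fixed, well-formed:  %d\n", run_decoder(decode_generaltime_fixed, GT_GOOD,    sizeof GT_GOOD,    "20071205123456Z"));
    printf("fixed, wrong tag:    %d\n", run_decoder(decode_generaltime_fixed, GT_BADTAG,  sizeof GT_BADTAG,  NULL));
    printf("fixed, truncated:    %d\n", run_decoder(decode_generaltime_fixed, GT_SHORT,   sizeof GT_SHORT,   NULL));
    printf("fixed, bad char:     %d\n", run_decoder(decode_generaltime_fixed, GT_BADCHAR, sizeof GT_BADCHAR, NULL));
    return 0;
}
```

Both decoders behave identically on a well-formed encoding, which is why this kind of defect survives ordinary testing; it only shows up when a remote peer sends the wrong tag or a mismatched length, exactly the "invalid DER encoding" the advisory refers to. The same shape applies to the service side: a KDC or kadmind that reaches the cleanup path on hostile input with an unassigned pointer will crash, or worse if the stale value happens to point at attacker-influenced memory.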
VMware also has published a Knowledge Base article on the ESX Kerberos flaw alongside the patch; administrators who have enabled Kerberos authentication on ESX 3.5.0 should apply the updated package.