OpenSSL security vulnerability with CVE-2009-3555 identifier does not affect vCenter, ESX, and ESXi

Details

vCenter, ESX, and ESXi are not impacted by the OpenSSL security vulnerability in CVE-2009-3555.
 
This issue occurs only when a renegotiation of the SSL session is possible. VMware has reviewed all interfaces where SSL traffic is present and has found that none of them allow renegotiation.
 
This includes:
  • Communication between vCenter (VirtualCenter), vSphere Client (VI Client), ESX, and ESXi
  • OpenSSL functionality of ESX service console as used by ESX
  • VMware CIM APIs providing a Common Information Model (CIM) interface
  • VMware Web Access

Solution

Updating OpenSSL to the version 0.9.8l, which remediates CVE-2009-3555 is not relevant, because VMware products are not affected.

The CVE-2009-3555 vulnerability is explained in http://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_0_9_8l.
For more information, see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555.

Based on VMware KB 1016357
  • 0 Kunder som kunne bruge dette svar
Hjalp dette svar dig?

Relaterede artikler

Hardware and firmware requirements for 64-bit guest operating systems

PurposeThis article explains the host machine hardware and firmware requirements for installing...

Logging in to the vCenter Server 5.0 Web Client fails with the error: unable to connect to vCenter Inventory Service

DetailsAfter upgrading from vCenter Server 4.1 to 5.0, you experience these symptoms:Cannot log...

Multiple network entries in vCenter Server 5.0.x after migrating virtual machines from a virtual switch to a virtual distributed switch

SymptomsAfter migrating virtual machines from a virtual switch to a virtual Distributed...

Minimum requirements for the VMware vCenter Server 5.x Appliance

PurposeIf you are using the VMware vCenter Server Appliance, beginning with vSphere 5.0 you can...