Release Date: 03 JUNE 2008
Document Last Updated: 03 JUNE 2008
Download Size: 280 KB Download Filename: ESX350-200805504-SG.zip md5sum: 4c1b1a8dcb09a636b55c64c290f7de51
| Product Versions | ESX Server 3.5 | Patch Classification | Security | Supersedes | None | Requires | ESX350-200805502-BG | Virtual Machine Migration or Reboot Required | No | ESX Server Host Reboot Required | No | PRs Fixed | 255470 | Affected Hardware | N/A | Affected Software | Cyrus SASL | RPMs Included | cyrus-sasl-2.1.15-15.i386.rpm cyrus-sasl-md5-2.1.15-15.i386.rpm | Related CVE numbers | CVE-2006-1721 |
|
Summaries and Symptoms
This patch includes an updated cyrus-sasl package for the ESX Server service console that corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the server.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table, above.
Based on VMware KB 1004640