ESX Service Console updates for openssl, bind, and vim

2009-03-31T00:00:00
ID VMSA-2009-0004
Type vmware
Reporter VMware
Modified 2010-01-06T00:00:00

Description

a. Updated OpenSSL package for the Service Console fixes a security issue.
OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue.
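The return-value mistake described above, shown as an added example (not code from this advisory or from OpenSSL). EVP_VerifyFinal is documented by OpenSSL to return 1 for a valid signature, 0 for an invalid one and -1 on error. The stand-in verifier `toy_verify_final`, its framing and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for EVP_VerifyFinal (not OpenSSL code). It keeps the
 * tri-state result: 1 = signature valid, 0 = invalid, -1 = error such as a
 * signature blob that cannot be decoded. Framing and bytes are constructed. */
static int toy_verify_final(const unsigned char *sig, size_t len,
                            const unsigned char *exp, size_t exp_len)
{
    /* Constructed framing: tag 0x30, one length byte, then the payload. */
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                  /* malformed: an error, not "invalid" */
    if (len - 2 != exp_len || memcmp(sig + 2, exp, exp_len) != 0)
        return 0;                   /* well-formed but wrong */
    return 1;
}

/* Flawed check: only 0 counts as failure, so the -1 error path is accepted. */
static int accept_flawed(const unsigned char *sig, size_t len,
                         const unsigned char *exp, size_t exp_len)
{
    if (!toy_verify_final(sig, len, exp, exp_len))
        return 0;
    return 1;
}

/* Corrected check: accept only when the result is exactly 1. */
static int accept_strict(const unsigned char *sig, size_t len,
                         const unsigned char *exp, size_t exp_len)
{
    return toy_verify_final(sig, len, exp, exp_len) == 1;
}

/* Constructed sample inputs. */
static const unsigned char EXPECTED[]  = { 0xAA, 0xBB };
static const unsigned char GOOD[]      = { 0x30, 0x02, 0xAA, 0xBB };
static const unsigned char WRONG[]     = { 0x30, 0x02, 0xAA, 0xCC };
static const unsigned char MALFORMED[] = { 0x30, 0x05, 0xAA, 0xBB };

int main(void)
{
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(MALFORMED, 4, EXPECTED, 2),
           accept_strict(MALFORMED, 4, EXPECTED, 2));
    return 0;
}
```

When auditing callers of tri-state verification functions, look for `!f(...)` or `f(...) == 0` tests used as the only failure check.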
The following table lists what action remediates the vulnerability (column 4) if a solution is available.