Quote from a VMware letter to customers:
The following versions of VMware GSX Server use versions of OpenSSL for securing remote management connections that have known vulnerabilities.
These vulnerabilities can expose systems to denial of service attacks:
– VMware GSX Server 3.0.0 (for Windows and Linux systems) build 7592
– VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336 and earlier
The vulnerabilities affecting OpenSSL are described in these reports:
OpenSSL Security Advisory [17 March 2004]
http://www.openssl.org/news/secadv_20040317.txt
CERT Technical Cyber Security Alert TA04-078A
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
CAN-2004-0112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
CAN-2004-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
For GSX Server 3.0.0 systems, VMware has made OpenSSL patches available to correct the reported vulnerabilities. These patches update GSX Server 3.0.0 systems and virtual machine consoles with OpenSSL version 0.9.7d. See the following VMware Knowledge Base article for instructions on applying the OpenSSL patches to GSX Server 3.0.0 systems:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257
For GSX Server 2.x.x systems, VMware has released an updated version of GSX Server (version 2.5.2) that incorporates OpenSSL version 0.9.7d.
See the following VMware Knowledge Base article for information about GSX Server 2.5.2:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256
VMware strongly urges GSX Server customers to apply the OpenSSL updates as soon as possible.