Quote from a VMware letter to customers:
The following versions of VMware GSX Server use versions of OpenSSL for securing remote management connections that have known vulnerabilities.
These vulnerabilities can expose systems to denial of service attacks:
– VMware GSX Server 3.0.0 (for Windows and Linux systems) build 7592
– VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336 and earlier
The vulnerabilities affecting OpenSSL are described in these reports:
OpenSSL Security Advisory [17 March 2004]
CERT Technical Cyber Security Alert TA04-078A
For GSX Server 3.0.0 systems, VMware has made OpenSSL patches available to correct the reported vulnerabilities. These patches update GSX Server 3.0.0 systems and virtual machine consoles with OpenSSL version 0.9.7d. See the following VMware Knowledge Base article for instructions on applying the OpenSSL patches to GSX Server 3.0.0
For GSX Server 2.x.x systems, VMware has released an updated version of GSX Server (version 2.5.2) that incorporates OpenSSL version 0.9.7d.
See the following VMware Knowledge Base article for information about GSX Server 2.5.2:
VMware strongly urges GSX Server customers to apply the OpenSSL updates as soon as possible.