OpenSSL security vulnerability with CVE-2011-1473 identifier affects vCenter Server, ESX, and ESXi
Article ID: 318387
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
A denial of service possibility has surfaced for OpenSSL. A server-side denial of service is possible if the client sends multiple renegotiation requests.
You may see these symptoms:
- You can connect to an ESX/ESXi host using the vSphere/VI client, but the ESX/ESXi host cannot be added to vCenter Server and you may receive the error:
Request timed out - You are able to add the host to vCenter Server, but the hardware status is lost.
- Existing ssh/VI client connections to ESX/ESXi are not affected.
- Virtual machines operate normally while under attack, without any obvious decline in performance.
Environment
VMware ESX Server 3.5.x
VMware ESXi 3.5.x Installable
VMware ESXi 4.1.x Embedded
VMware ESXi 4.0.x Installable
VMware vSphere ESXi 5.1
VMware ESX 4.1.x
VMware ESXi 4.1.x Installable
VMware ESXi 3.5.x Embedded
VMware ESXi 4.0.x Embedded
VMware ESX 4.0.x
VMware vSphere ESXi 5.0
VMware ESXi 6.x
VMware ESXi 7.x
Resolution
This is a known issue affecting vCenter Server, and multiple versions of ESX and ESXi.
Note: ESX and ESXi are able to recover automatically after the attack (that is, operation returns to normal). A reboot is not required.
Additional Information
For more information, see the Red Hat Bugzilla page.
This is an unresolved bug in OpenSSL that has not been fixed by the software maintainers at this time. It's an industry-wide problem with all users of OpenSSL and is not unique to VMware.
Note: ESX and ESXi are able to recover automatically after the attack (that is, operation returns to normal). A reboot is not required.
Additional Information
For more information, see the Red Hat Bugzilla page.
To be alerted when this article is updated, click Subscribe to Document in the Actions box.
Feedback
Yes
No
Powered by
