Security Response to CAN-1999-0524: Unblocked ICMP Packet Vulnerability

Article ID: 339781

Products

VMware vSphere ESXi

Issue/Introduction

A security software audit warns that an ESX Server machine may have the security vulnerability described at: cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0524. How can I protect my server? Does VMware have a fix for this?

Environment

VMware ESX Server 2.1.x
VMware ESX Server 2.0.x
VMware ESX Server 2.5.x

Resolution

This is not in itself a serious security problem. This method of attack provides information that could help an attacker to identify other vulnerabilities, but does no direct harm.

This vulnerability relies on triggering ICMP packets (used by the ping utility, for example) that convey information about the network. VMware recommends that you install ESX Server on machines protected by a firewall, and block ICMP packets passing through the firewall in either direction.
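
An added example, not VMware's code: the CVE entry names ICMP netmask and timestamp information specifically, so one way to confirm the firewall rule is working is to look for those message types in a packet capture taken on the protected side. The packets, addresses and function names below are constructed for illustration.

```python
import struct

# ICMP types that carry the netmask/timestamp information named in the
# CVE entry (type numbers from RFC 792 and RFC 950).
INFO_TYPES = {13: "timestamp request", 14: "timestamp reply",
              17: "address mask request", 18: "address mask reply"}

def classify_icmp(packet: bytes):
    """Return (src, dst, label) for an IPv4 ICMP info message, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                      # bad header, not ICMP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: no ICMP header here
    label = INFO_TYPES.get(packet[ihl])
    if label is None:
        return None                      # e.g. echo (ping) or unreachable
    addr = lambda b: ".".join(map(str, b))
    return addr(packet[12:16]), addr(packet[16:20]), label

def build_packet(src, dst, icmp_type, body=b""):
    """Constructed test input only: checksums are left at zero."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + body
    to_bytes = lambda ip: bytes(int(o) for o in ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     to_bytes(src), to_bytes(dst))
    return ip + icmp

def audit(packets):
    """List every netmask/timestamp ICMP message seen in a capture."""
    return [hit for hit in map(classify_icmp, packets) if hit]

# Constructed capture (documentation address ranges), as it might look on the
# protected side of the firewall in front of the ESX Server host.
SAMPLE = [
    build_packet("198.51.100.5", "192.0.2.10", 8),                   # echo request
    build_packet("198.51.100.5", "192.0.2.10", 13, bytes(12)),       # timestamp request
    build_packet("192.0.2.10", "198.51.100.5", 14, bytes(12)),       # timestamp reply
    build_packet("198.51.100.5", "192.0.2.10", 17, bytes(4)),        # mask request
    build_packet("198.51.100.5", "192.0.2.10", 13, bytes(12))[:24],  # truncated
]

if __name__ == "__main__":
    for src, dst, label in audit(SAMPLE):
        print(f"{src} -> {dst}: ICMP {label} passed the firewall")
```

An empty result from `audit` on a real capture means none of these message types crossed the firewall during the capture window.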