VMware ESXi OpenSLP Remote Code Execution AKA Security Vulnerability - VMSA-2015-007

Categories: SteelFusion Edge, SteelHead EX (Appliance)
Solution Number: S27447

Issue

VMware issued Security Advisory VMSA-2014-0006.11 (CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470) and released patches to fix these issues. This document addresses the Riverbed rollout plan for this fix for ESXi server products running on SteelHead EX and SteelFusion Edge devices (SFED).

See the VMware advisory for details: https://www.vmware.com/security/advisories/VMSA-2014-0006

 

Solution

SteelHead EX device:

  • Upgrade to EX 3.6.1d, now available on the support site.

SteelFusion Edge device (SFED):

  • The fix will be available in EX 4.2.0 (ETA around the 4th week of November 2015, barring unforeseen issues).
  • EX 4.2.0 can install either ESXi 6.0U1 or ESXi 5.5U3a. Both of these versions include the fix.

Q: What are the options if you can't wait until the Riverbed release date?

A: Customers can install these VMware patches on ESXi running on SFED through vCenter Update Manager or any other method supported by VMware. However, modifications to the version of the installed ESXi hypervisor on the SteelFusion Edge and SteelHead EX device may transition the status of virtualization and support of the hypervisor to "Limited Support".

Q: What is Limited Support, and what are the implications?

A: Please see KB S27008 for answers and details.

 

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2015-10-19