Linux kernel vulnerability may apply to ESX Service Console

There is a recent Linux kernel vulnerability (CVE-2010-3081) which is currently being exploited by hackers.  ZDNet reports:

“In the last day, we’ve received many reports of people attacking production systems using an exploit for this vulnerability, so if you run Linux systems, we recommend that you strongly consider patching this,” said Ksplice chief executive Jeff Arnold in a blog post on Saturday.

The flaw reportedly affects every 64-bit Linux distribution since 2008.

I am hearing reports (which I can’t confirm) that this does apply to ESX.  Since the vulnerability is 64-bit specific, I am thinking that the exploit applies to ESX 4.0 and 4.1 (ESX 3.x has a 32-bit console, and ESXi has no console).  Needless to say this is an advantage of the ESXi architecture.

If what I am hearing is correct, there should be a patch made available soon.  I’ll update this post if anything official is announced.
