Quote from a VMware letter to customers: The following versions of VMware GSX Server use versions of OpenSSL for securing remote management connections that have known vulnerabilities. These vulnerabilities can expose systems to denial of service attacks: - VMware GSX Server 3.0.0 (for Windows and Linux systems) build 7592 - VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336 and earlier The vulnerabilities affecting OpenSSL are described in these reports: OpenSSL Security Advisory [17 March 2004] http://www.openssl.org/news/secadv_20040317.txt CERT Technical Cyber Security Alert TA04-078A http://www.us-cert.gov/cas/techalerts/TA04-078A.html CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 CAN-2004-0112 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 CAN-2004-0081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081 For GSX Server 3.0.0 systems, VMware has made OpenSSL patches available to correct the reported vulnerabilities. These patches update GSX Server 3.0.0 systems and virtual machine consoles with OpenSSL version 0.9.7d. See the following VMware Knowledge Base article for instructions on applying the OpenSSL patches to GSX Server 3.0.0 systems: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257 For GSX Server 2.x.x systems, VMware has released an updated version of GSX Server (version 2.5.2) that incorporates OpenSSL version 0.9.7d. See the following VMware Knowledge Base article for information about GSX Server 2.5.2: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256 VMware strongly urges GSX Server customers to apply the OpenSSL updates as soon as possible.