VMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vulnerability allows a remote attacker to cause a DoS or potentially execute arbitrary code on the ESX server.

According to the advisory available at http://lists.vmware.com/pipermail/security-announce/2009/000059.html all ESX versions are affected (ESXi is not affected), however, the Kerberos package is not installed by default.