Sign up for Security

Enter your email address:


VMware ESX third party update for Service Console package sudo

VMware Security Advisory
Advisory ID: VMSA-2013-0007.1
Synopsis: VMware ESX third party update for Service Console package sudo
Issue date: 2013-05-30
Updated on: 2013-12-05
CVE numbers: CVE-2012-2337, CVE-2012-3440
1. Summary

VMware ESX third party update for Service Console package sudo
2. Relevant Releases

VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201305001
3. Problem Description
a. Service Console update for sudo

The service console package sudo is updated to version 1.7.2p1-14.el5_8.3

The Common Vulnerabilities and Exposures project ( has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue addressed in this update.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Running Replace with / 
Product Version on Apply Patch
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201312401-SG
ESX 4.0 ESX ESX400-201305402-SG
4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESXi and ESX

ESX 4.1
Build: 1368001
md5sum: c35763a84db169dd0285442d4129cc18
sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40
ESX410-201312001 contains ESX410-201312401-SG

ESX 4.0
Build: 1070634
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
ESX400-201305001 contains ESX400-201305402-SG

6. Change log
2013-05-30 VMSA-2013-0007
Initial security advisory in conjunction with the release of ESX 4.0 patches on 2013-05-30.

2013-12-05 VMSA-2013-0007.1
Security advisory update in conjunction with the release of ESX 4.1
patches on 2013-12-05.
7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

  • security-announce at
  • bugtraq at
  • full-disclosure at
E-mail: security at
PGP key at:

VMware Security Advisories

VMware security response policy

General support life cycle policy

VMware Infrastructure support life cycle policy

Copyright 2013 VMware Inc. All rights reserved.