VMware ESX third party update for Service Console package sudo

VMware Security Advisory

Advisory ID:
Synopsis:    VMware ESX third party update for Service Console package sudo
Issue date:
Updated on:
CVE numbers: CVE-2012-2337, CVE-2012-3440

1. Summary

VMware ESX third party update for Service Console package sudo

2. Relevant Releases

VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201305001

3. Problem Description

a. Service Console update for sudo

The service console package sudo is updated to version 1.7.2p1-14.el5_8.3.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-2337 and CVE-2012-3440 to the issues addressed in this update.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product   Product Version   Running on   Replace with / Apply Patch
==============   ===============   ==========   ==========================
ESXi             any               ESXi         not affected
ESX              4.1               ESX          ESX410-201312401-SG
ESX              4.0               ESX          ESX400-201305402-SG

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESXi and ESX

ESX 4.1
File: ESX410-201312001.zip
Build: 1368001
md5sum: c35763a84db169dd0285442d4129cc18
sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40
ESX410-201312001 contains ESX410-201312401-SG

ESX 4.0
File: ESX400-201305001.zip
Build: 1070634
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
ESX400-201305001 contains ESX400-201305402-SG
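
The checksum verification requested above can be scripted as follows. This is an added example, not part of the VMware advisory; the function names are illustrative, and the digests are the ones listed in section 4.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded ESX patch bundle
# against the md5sum/sha1sum values published in section 4.
# MD5 and SHA-1 are the only digests the advisory lists and both are
# collision-weak, so the check passes only when BOTH match.

# published_digests NAME: print "md5 sha1" for a bundle named in the advisory.
published_digests() {
    case "$1" in
        ESX410-201312001.zip)
            echo "c35763a84db169dd0285442d4129cc18 ee8e1b8d2d383422ff0dde04749c5d89e77d8e40" ;;
        ESX400-201305001.zip)
            echo "c9ac91d3d803c7b7cb9df401c20b91c0 7f5cef274c709248daa56d8c0e6fcc1ba86ae411" ;;
        *) return 1 ;;
    esac
}

# verify_digests FILE MD5 SHA1: return 0 only if both digests match,
# 1 on mismatch, 2 if the file does not exist.
verify_digests() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    # Read from stdin so the file name never appears in the tool output.
    got_md5=$(md5sum < "$1" | cut -d' ' -f1)
    got_sha1=$(sha1sum < "$1" | cut -d' ' -f1)
    # Normalise the expected values to lower case before comparing.
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ "$got_md5" = "$want_md5" ] && [ "$got_sha1" = "$want_sha1" ] && return 0
    echo "digest mismatch: $1" >&2
    return 1
}

# verify_bundle PATH: look up the digests by file name and check the file.
# Returns 3 when the file name is not one of the bundles in this advisory.
verify_bundle() {
    digests=$(published_digests "$(basename "$1")") || {
        echo "not listed in advisory: $1" >&2; return 3; }
    # Split "md5 sha1" into positional parameters $2 and $3.
    set -- "$1" $digests
    verify_digests "$1" "$2" "$3"
}
```

Source the file and run `verify_bundle /path/to/ESX410-201312001.zip` before applying the patch; any non-zero exit status means the bundle should not be installed.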

6. Change log

2013-05-30 VMSA-2013-0007
Initial security advisory in conjunction with the release of ESX 4.0 patches on 2013-05-30.

2013-12-05 VMSA-2013-0007.1
Security advisory update in conjunction with the release of ESX 4.1 patches on 2013-12-05.

7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

Copyright 2013 VMware Inc. All rights reserved.

