VMware ESX Server 2.0.2 Upgrade Patch 2 (for 2.0.2 Systems Only)
Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:
OpenSSH -- A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-2069 to this issue.
samba -- A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted SMB requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3403 to this issue.
ucd-snmp -- A denial of service bug was found in the way ucd-snmp uses network stream protocols. A remote attacker could send a ucd-snmp agent a specially crafted packet which will cause the agent to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-2177 to this issue.
XFree86 -- An integer overflow flaw in the way the XFree86 server processes PCF files was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3467 to this issue.
Python -- An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2491 to this issue.
This patch addresses the following additional security issues:
- A minor info leak in socket name handling in the network code
- A minor info leak in socket option handling in the network code
- A directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences
- A flaw in the mprotect system call that allowed write permission to be given to a read-only attachment of shared memory
This patch is an ESX Server 2.0.2 patch. Please make sure that ESX Server 2.0.2 build 23922 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.
Installing the Update
Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 200 MB of temporary free space on the "/" filesystem is required for installing this patch.
This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.
- Power off all virtual machines.
- Restart your system.
- At the LILO Boot Menu, select the option appropriate for your system.
- For a boot-from-SAN installation, select esx-san-safe.
- For all other installations, select linux-up.
- Log in as root into the ESX Server service console, in Linux mode.
- Download the tar file into the temporary directory /tmp on the service console.
- Change directories to /tmp.
- Verify the integrity of the package:
# md5sum esx-2.0.2-31924-upgrade.tar.gz
The md5 checksum output should match the following:
- Extract the compressed tar archive:
# tar -xvzf esx-2.0.2-31924-upgrade.tar.gz
- Change to the newly created directory:
# cd esx-2.0.2-31924-upgrade
- Run the installer:
- The system updates have now been installed. A reboot prompt displays:
Reboot the server now [y/n]?
This update will not be complete until you reboot the ESX Server.
If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.
- At the reboot prompt, enter Y to reboot the server.
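The prerequisites stated above (ESX Server 2.0.2 build 23922 or later, 200 MB free on "/", matching md5 checksum) can be checked in one pass before extracting the archive. The script below is an added example, not part of the VMware patch or its installer; the function names are hypothetical, it assumes vmware -v prints a string of the form "VMware ESX Server 2.0.2 build-23922", and the published md5 value must be supplied by the operator from the download page.

```shell
#!/bin/sh
# Pre-flight checks for the upgrade procedure above (added example).
MIN_BUILD=23922      # minimum installed build, from the patch notes
MIN_FREE_KB=204800   # 200 MB free on "/", from the patch notes

# Extract the build number from a version string.
# Assumption: `vmware -v` prints e.g. "VMware ESX Server 2.0.2 build-23922".
build_number() {
    echo "$1" | sed -n 's/.*build[- ]\([0-9][0-9]*\).*/\1/p'
}

# Succeeds only for a 2.0.2 system at or above the minimum build.
build_ok() {
    case "$1" in *"ESX Server 2.0.2"*) ;; *) return 1 ;; esac
    b=$(build_number "$1")
    [ -n "$b" ] && [ "$b" -ge "$MIN_BUILD" ]
}

# Available space on a filesystem in KB (4th column of POSIX df output).
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Succeeds when the given KB figure meets the 200 MB requirement.
space_ok() {
    [ "$1" -ge "$MIN_FREE_KB" ] 2>/dev/null
}

# Compare a file's MD5 with the published value; an empty or missing
# published value is a failure, never a pass.
md5_ok() {
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | awk '{ print $1 }')
    expected=$(echo "$2" | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

preflight() {  # usage: preflight <tarball> <published-md5>
    build_ok "$(vmware -v 2>/dev/null)" || { echo "FAIL: build too old"; return 1; }
    space_ok "$(free_kb /)" || { echo "FAIL: under 200 MB free on /"; return 1; }
    md5_ok "$1" "$2" || { echo "FAIL: md5 mismatch for $1"; return 1; }
    echo "OK: prerequisites met for $1"
}

# Runs only when both arguments are given, e.g.:
#   sh preflight.sh /tmp/esx-2.0.2-31924-upgrade.tar.gz <published-md5>
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

An md5 match confirms the download is intact; it is only as trustworthy as the channel the published value was obtained from.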