VMware ESX Server 2.0.1 Security Update

Released 12/18/03

TAR File

This patch includes a new update for ESX Server 2.0.1 and addresses a vulnerability in the Linux kernel. In ESX Server, the service console is implemented using a modified Linux distribution. A security bug has been discovered in the Linux kernel within the sbrk() function: a user could execute the sbrk() system call with invalid values and cause the kernel to map its memory into the user application.

Details on this advisory are available at: http://www.kb.cert.org/vuls/id/301156

Note: This patch only works if you have ESX Server 2.0.1 build 6403. Please make sure that this build is installed before applying the patch.

Installing the Update

This update requires a reboot of your ESX Server machine to take effect. You must shut down your virtual machines before installing the patch.

  1. Log in as root to the ESX Server 2.0.1 service console.
  2. Your path variable should contain /usr/bin:/bin.
  3. Download the tar file into a temporary directory (for example, /tmp) on your ESX service console.
  4. Change directories to /tmp:
    cd /tmp
  5. Verify the integrity of the package:
    md5sum esx201_patch_6687.tar.gz

    The md5 checksum output should match the following:
    4eeafafc6f795af5a1acc5705b64030f esx201_patch_6687.tar.gz

  6. Extract the compressed tar archive:
    tar -xvzf esx201_patch_6687.tar.gz

    You will see the following output:

  7. Change directories to the newly created directory, /tmp/esx201_patch_6687:
    cd esx201_patch_6687
  8. Run the driver installer:
    /usr/bin/perl ./esx6687update.pl
  9. The drivers are now updated. Reboot your ESX Server machine for the update to take effect.
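
The steps above as a fail-closed shell script, added here as an illustration and not part of VMware's patch or instructions. The file name, checksum, directory and installer path are copied from the steps; the function names and the --apply switch are assumptions of this example. It stops before extraction if the checksum differs, and it does not reboot the host.

```shell
#!/bin/sh
# Added example: fail-closed wrapper for steps 1, 2 and 4-8 of the procedure.
# The four values below are copied from the advisory text.
PATCH=esx201_patch_6687.tar.gz
EXPECTED_MD5=4eeafafc6f795af5a1acc5705b64030f
PATCH_DIR=esx201_patch_6687
INSTALLER=./esx6687update.pl

# Step 2: succeed only if every directory given is a component of $PATH.
path_has() {
    for dir in "$@"; do
        case ":$PATH:" in
            *":$dir:"*) ;;
            *) echo "PATH is missing $dir" >&2; return 1 ;;
        esac
    done
}

# Step 5: succeed only if the file's MD5 digest equals the expected hex string.
md5_matches() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    actual=$(md5sum "$1" | awk '{print $1}') || return 1
    [ "$actual" = "$2" ] && return 0
    echo "checksum mismatch for $1: got $actual" >&2
    return 1
}

# Steps 4-8 in order; any failure stops before the installer runs.
apply_patch() {
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    path_has /usr/bin /bin || return 1
    cd /tmp || return 1
    md5_matches "$PATCH" "$EXPECTED_MD5" || return 1
    tar -xvzf "$PATCH" || return 1
    cd "$PATCH_DIR" || return 1
    /usr/bin/perl "$INSTALLER" || return 1
    echo "Installer finished. Reboot the ESX Server machine to complete the update."
}

# Nothing is installed unless the script is invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_patch
fi
```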