VMware ESX Server 2.1.3 Upgrade Patch 4 (for 2.1.3 Systems Only)

Released 12/28/06

TAR File

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

  • A possible security issue with the configuration program vmware-config which could set incorrect permissions and umask on SSL key files. Local users may be able to obtain access to the SSL key files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

    Note: The affected files include /usr/bin/vmware-config.pl and /usr/bin/vmware-config-mui.pl.

  • A possible security issue with the OpenSSL toolkit and the authentication of SSL certificates. Clients using OpenSSL and connecting to a malicious server can be caused to crash. The patch also addresses an issue when using RSA keys with an exponent of 3 that allows the forging of PKCS #1 v1.5 signatures and prevents OpenSSL from properly verifying X.509 and other certificates. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, and CVE-2006-4343 to these issues.
  • A possible security issue with virtual disk (.vmdk or .dsk) files that are newly created, but contain blocks from recently deleted virtual disk files. Information belonging to the previously deleted virtual disk files could be revealed in newly created virtual disk files.

    VMware recommends the following workaround: When creating new virtual machines on an ESX Server that may contain sensitive data, use vmkfstools with the -W option. This initializes the virtual disk with zeros.


This patch is an ESX Server 2.1.3 patch. Please make sure that ESX Server 2.1.3 build 22983 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350 MB of temporary free space on "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into the temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.1.3-35803-upgrade.tar.gz

    The md5 checksum output should match the following:
    7d7d0e40f4dccd5ca64b9c13a856da8f esx-2.1.3-35803-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.1.3-35803-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.1.3-35803-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?
  12. This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  13. At the reboot prompt, enter Y to reboot the server.