VMware

VMware ESX Server 2.1.3 Upgrade Patch 8 (for 2.1.3 Systems Only)

Released 9/06/07

TAR File

This document contains the following information:

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

  • Service console package Samba, has been updated to address the following issues:

    Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446)

    Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, on Red Hat Enterprise Linux 5 but not on ESX Server, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447)

    Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues.

    Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware.

  • Updated Bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-0494 to this issue.

    Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware.

  • This patch provides updated service console package krb5 fixes.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues.

    Thanks to David Coffey for identifying and reporting these issues.

    Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but a fix has been provided for completeness.

Applicability

This patch is an ESX Server 2.1.3 patch. Ensure that ESX Server 2.1.3 build 22983 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350 MB of temporary free space on "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into the temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.1.3-53228-upgrade.tar.gz

    The md5 checksum output should match the following:
    32f9f87a99c5c801dd61492a9d91dfe2 esx-2.1.3-53228-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.1.3-53228-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.1.3-53228-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?
  12. This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  13. At the reboot prompt, enter Y to reboot the server.