VMware

VMware ESX Server 2.5.4 Upgrade Patch 14 (for 2.5.4 Systems Only)

Released 12/27/07

TAR File

This document contains the following information:

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch includes:

  • Updates to the Samba package distributed with the service console for ESX Server 2.5 that address the following issues:
    • An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
    • An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a Primary or Backup Domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues.

    Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. See http://www.vmware.com/resources/techresources/726 for more information on security best practices.


  • Updates to the OpenSSL package distributed with the service console for ESX Server 2.5 that address the following issues:
    • A flaw in the SSL_get_shared_ciphers() function can allow an attacker to cause a buffer overflow problem by sending ciphers to applications that use the function.
    • A possible vulnerability that would allow a local attacker to obtain private RSA keys being used on a system using the OpenSSL package.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108 and CVE-2007-5135 to these issues.

    Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. See http://www.vmware.com/resources/techresources/726 for more information on security best practices.

Applicability

This patch is an ESX Server 2.5.4 patch. Ensure that ESX Server 2.5.4 build 32233 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Note: For an IBM x460 server, please follow the instructions in KB 8949128 to boot the server into maintenance mode before applying the patch.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350MB of temporary free space on the "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into a temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.4-65752-upgrade.tar.gz

    The md5 checksum output should match the following:
    24990b9207f882ccc91545b6fc90273d esx-2.5.4-65752-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.4-65752-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.4-65752-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server. If you enter n to indicate that you will not reboot at this time, ESX Server displays the warning message: Please reboot the server manually. Your virtual machines will not run properly until this is done. If you see this message, you must manually reboot the server to complete the driver update.

  12. At the reboot prompt, enter y to reboot the server.