VMware

VMware ESX Server 2.5.4 Upgrade Patch 15 (for 2.5.4 Systems Only)

Released 01/31/08

TAR File

This document contains the following information:

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch includes:

  • Updates to the Samba package distributed with the service console for ESX Server 2.5.4 that address a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user can trigger this flaw to cause the Samba server to crash, or to execute arbitrary code with the permissions of the Samba server.
    Thanks to Alin Rad Pop of Secunia Research for identifying and reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.

    Note: This vulnerability can be exploited only if the attacker has access to the service console network. See the VMware Security Best Practices document (http://www.vmware.com/resources/techresources/726) for configuration recommendations that enable ESX Server systems to resist this type of issue.

  • Updates to the Python package distributed with the service console for ESX Server 2.5.4 that address the following issues:
    • An integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions. If a Python application uses the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.

    • A flaw in Python's locale module where strings generated by the strxfrm() function are not properly NULL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.

    • Multiple integer overflow flaws in Python's imageop module can allow an attacker to cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.

  • Fix for an issue where the aacraid SCSI driver does not check IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.

Resolved Issues

This patch addresses the following issues:

  • Fixes an issue with the reporting of the sysObjectId value by SNMP agents. With this fix, the correct value is reported by the SNMP agents for SNMP trap and get operations.

Applicability

This patch is an ESX Server 2.5.4 patch. Ensure that ESX Server 2.5.4 build 32233 or higher is installed before applying the patch. Run vmware -v to display the version and build information for your system.

Note: For an IBM x460 server, please follow the instructions in KB 8949128 to boot the server into maintenance mode before applying the patch.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350MB of temporary free space on the "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root to the ESX Server service console, in Linux mode.
  5. Download the tar file into a temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.4-69112-upgrade.tar.gz

    The md5 checksum output should match the following:
    a31065571a2da5bb5e69a5ccab6aa467 esx-2.5.4-69112-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.4-69112-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.4-69112-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt is displayed:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server. If you enter n to indicate that you will not reboot at this time, ESX Server displays the warning message: "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  12. At the reboot prompt, enter y to reboot the server.
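
The prerequisites from Applicability and the installation note, together with the integrity check in step 7, can be scripted as a gate that must pass before step 8. This is an added example, not part of VMware's patch or documentation; the function names are hypothetical, and the `vmware -v` output format shown in the comments is an assumption.

```sh
#!/bin/sh
# Pre-flight checks for ESX Server 2.5.4 Upgrade Patch 15 (added example).
PKG=esx-2.5.4-69112-upgrade.tar.gz          # file name from step 7
PKG_MD5=a31065571a2da5bb5e69a5ccab6aa467    # checksum published in step 7
MIN_BUILD=32233                             # minimum build, from "Applicability"
MIN_FREE_KB=$((350 * 1024))                 # 350MB of free space on "/"

# Extract the build number from `vmware -v` output.
# Assumed format: "VMware ESX Server 2.5.4 build-32233".
build_of() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# True when the version string is ESX Server 2.5.4 at MIN_BUILD or higher.
build_ok() {
    case "$1" in *"ESX Server 2.5.4 "*) ;; *) return 1 ;; esac
    b=$(build_of "$1")
    [ -n "$b" ] && [ "$b" -ge "$MIN_BUILD" ]
}

# True when file $1 hashes to digest $2; only the digest field is compared.
md5_ok() {
    [ -r "$1" ] || return 1
    actual=$(md5sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Free space on "/" in KB (POSIX df format, fourth column).
root_free_kb() {
    df -Pk / | awk 'NR == 2 {print $4}'
}

# Run all three checks; stop at the first failure.
preflight() {
    build_ok "$(vmware -v 2>/dev/null)" ||
        { echo "need ESX Server 2.5.4 build $MIN_BUILD or higher" >&2; return 1; }
    [ "$(root_free_kb)" -ge "$MIN_FREE_KB" ] ||
        { echo "need 350MB free on /" >&2; return 1; }
    md5_ok "$PKG" "$PKG_MD5" ||
        { echo "md5 mismatch: do not extract $PKG" >&2; return 1; }
    echo "pre-flight checks passed; continue with step 8"
}

# Run only when the package is in the working directory (step 6).
if [ -f "$PKG" ]; then preflight; fi
```

A matching MD5 sum shows the download arrived intact; it is only as trustworthy as the channel over which the published checksum itself was obtained.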