Knowledge Base
Search the Knowledge Base: |
Search the Knowledge Base: |
VMware ESX Server 3.5, Patch ESX350-200802303-SG: Security Update to the util-linux Package
Details
|
Download Size: |
|
Summary
This patch provides updates to the util-linux package distributed with the service console for ESX Server 3.5. The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which can allow attackers to gain elevated privileges via helper application such as mount.nfs.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue.
Note: This issue only affects the service console network, and is not a remote vulnerability for ESX Server hosts that have been set up with the security best practices provided by VMware. See http://www.vmware.com/resources/techresources/726 for more information on security best practices.
Solution
Symptoms
There are no symptoms for this security issue.
Deployment Considerations
Patch bundle ESX350-200802403-BG must be installed prior to installing this patch. The esxupdate utility will check to ensure ESX350-200802403-BG is installed before proceeding with installation of this patch.
Patch Download and Installation
For information on using VMware Update Manager to automatically update ESX Server 3.5 hosts, see the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches.
To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using the esxupdate tool from the command line of the host. For more information on using esxupdate to manage patches on ESX Server 3.5 hosts, see the ESX Server 3 Patch Management Guide.
Keywords
Feedback
- KB Article: 1003205
- Updated: Aug 14, 2009
- Products:
VMware ESX - Product Versions:
VMware ESX 3.5.x