Search the Knowledge Base: |
Search the Knowledge Base: |
|
Download Size: |
|
This patch provides updates to the util-linux package distributed with the service console for ESX Server 3.5. The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which can allow attackers to gain elevated privileges via helper application such as mount.nfs.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue.
Note: This issue only affects the service console network, and is not a remote vulnerability for ESX Server hosts that have been set up with the security best practices provided by VMware. See http://www.vmware.com/resources/techresources/726 for more information on security best practices.
There are no symptoms for this security issue.
Patch bundle ESX350-200802403-BG must be installed prior to installing this patch. The esxupdate utility will check to ensure ESX350-200802403-BG is installed before proceeding with installation of this patch.
For information on using VMware Update Manager to automatically update ESX Server 3.5 hosts, see the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches.
To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using the esxupdate tool from the command line of the host. For more information on using esxupdate to manage patches on ESX Server 3.5 hosts, see the ESX Server 3 Patch Management Guide.