Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)   View by Article ID

VMware ESX Server 3.5, Patch ESX350-200802304-SG: Security Update to the Perl Package (1003206)


Release Date: 3/10/08
Document Last Updated: 3/10/08


Download Size:
10.7 MB
Download Filename:

Product Versions ESX Server 3.5
Patch Classification Security
Replaces ESX350-200712404-SG
Requires ESX350-200802403-BG
Virtual Machine Migration or Reboot Required Yes
ESX Server Host Reboot Required Yes
PRs Fixed 1003206
Affected Hardware N/A
Affected Software N/A
RPMs Included perl-5.8.0-97.EL3
Related CVE numbers CVE-2007-5116


This patch provides updates to the Perl package distributed with the service console for ESX Server 3.5. The update adresses an issue where the regular expression engine in Perl can be used to issue a specially crafted regular expression that allows the attacker to run arbitrary code with the permissions of the current Perl user.

The Common Vulnerabilities and Exposures project ( has assigned the name CVE-2007-5116 to this issue.

Note: This issue only affects the service console network, and is not a remote vulnerability for ESX Server hosts that have been set up with the security best practices provided by VMware. See for more information on security best practices.



There are no symptoms for this security issue.

Deployment Considerations

Patch bundle ESX350-200802403-BG must be installed prior to installing this patch. The esxupdate utility will check to ensure ESX350-200802403-BG is installed before proceeding with installation of this patch.

Patch Download and Installation

For information on using VMware Update Manager to automatically update ESX Server 3.5 hosts, see the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches.

To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from and install the bundle using the esxupdate tool from the command line of the host. For more information on using esxupdate to manage patches on ESX Server 3.5 hosts, see the ESX Server 3 Patch Management Guide.


alertz; urlz

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings