Search the Knowledge Base: |
Search the Knowledge Base: |
Release Date: 3/10/2008
Document Last Updated: 3/10/2008
|
Download Size: 88 KB Download Filename: ESX350-200802406-SG.zip md5sum: 408a8a5aefde2ce33dec78cb01f80aca |
|
This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw can allow a local user on the service console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.
N/A
Patch bundles ESX350-200802403-BG and ESX350-200802409-BG must be installed prior to installing this patch. The esxupdate utility will check to ensure ESX350-200802403-BG and ESX350-200802409-BG are installed before proceeding with installation of this patch.
To automatically download and install patches on your ESX Server 3.5 hosts, use the VMware Update Manager. For more information, see the Update Manager Administration Guide at http://www.vmware.com/pdf/vi3_vum_10_admin_guide.pdf.
To manually update ESX Server 3.5 hosts, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate on the service console. For more information about using esxupdate, see the ESX Server 3 Patch Management Guide at http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf.