Support > Knowledge Base

Knowledge Base

Search the Knowledge Base:

Guided Search

Products:

Search In:

ESX Server 3.5, Patch ESX350-200802415-SG: Security Update to Samba Packages

Details

Release Date: 3/10/2008
Document Last Updated: 3/10/2008

Download Size:
21.2 MB
Download Filename:
ESX350-200802415-SG.zip
md5sum:
5ee3bc45d863e8c83ffef036685fd4f6

Product Versions	ESX Server 3.5.0
Patch Classification	Security
Supersedes	ESX350-200712402-SG
Dependencies	ESX350-200802403-BG
Virtual Machine Migration or Reboot Required	No
ESX Server Host Reboot Required	No
PRs Fixed	224002
Affected Hardware	N/A
Affected Software	Samba
RPMs Included	samba-3.0.9-1.3E.14.3.i386.rpm samba-client-3.0.9-1.3E.14.3.i386.rpm samba-common-3.0.9-1.3E.14.3.i386.rpm
Related CVE numbers	CVE-2007-6015, CVE-2007-4572, CVE-2007-5398 , CVE-2007-4572

Summary

This patch provides updates to the Samba package distributed with the service console for ESX Server 3.5.0. The patch addresses the following security issues:

Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user can trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.
This patch also fixes a regression caused by the fix for CVE-2007-4572 and previously included in patch ESX350-200712402-SG, which prevented some clients from being able to properly access shares. The issues fixed for this CVE include:
- An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
- An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a primary or backup domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues.

Note: These vulnerabilities can be exploited only if the attacker has access to the service console network. See the VMware Security Best Practices document http://www.vmware.com/resources/techresources/726 for configuration recommendations which enable ESX Server systems to resist this type of issue.

Solution

Symptoms

See Summary section, above.

Deployment Considerations

This patch includes three updated RPMs for Samba. A default installation of ESX Server installs the samba-client-* and samba-common-* packages, which are needed for Samba client functionality. Some customers install the base samba-* package to enable full Samba functionality, however, VMware strongly recommends you do not install this part of the application on the service console.

Important: This patch installs all three packages by default. To exclude the base package (recommended), run esxupdate with the -x option.

esxupdate -d <depot URL or path> -x samba-3.0.9-1.3E.14.3vmw update

For more information on esxupdate usage, see the ESX Server 3 Patch Management Guide at http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf.

Patch Download and Installation

To automatically download and install patches on your ESX Server 3.5 hosts, use the VMware Update Manager. For more information, see the Update Manager Administration Guide at http://www.vmware.com/pdf/vi3_vum_10_admin_guide.pdf.

To update ESX Server 3.5 hosts from the command line of the service console, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install it using the esxupdate utility. For more information about using esxupdate, see the ESX Server 3 Patch Management Guide at http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf.

Keywords

ESX350-200802415-SG; ESX350-200712402-SG; RHSA-2007:1114-01

Feedback

Actions

KB Article: 1003462
Updated: Aug 14, 2009

Products:
VMware ESX
Product Versions:
VMware ESX 3.5.x

Did this article help you?
This article resolved my issue. This article did not resolve my issue. This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)