VMware ESX Server 3.5, Patch ESX350-200803201-UG: Upgrade to the Openwsman Protocol Adapter, Fix for OpenPegasus Management Server (1003695)
Release Date: 10 APR 2008
Document Last Updated: 23 APR 2008
This patch bundle upgrades the Openwsman Protocol Adapter used on the ESX Server host to version 1.5.1. Please see http://www.openwsman.org for more information on this release.
This patch also fixes the stack buffer overflow flaw found in the pre-auth remote (PAM) authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.
There are no symptoms available for the updates provided by this patch.
Patch Download and Installation
For information on using VMware Update Manager to automatically update ESX Server 3.5 hosts see the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches.
To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using the the esxupdate tool from the command line of the host. For more information on using esxupdate to manage patches on ESX Server 3.5 hosts, see the ESX Server 3 Patch Management Guide.