Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

VMware ESX Server 3i, Patch ESXe350-200805502-T-SG: VMware Tools Update (1004173)

Details

Release Date: 03 JUNE 2008
Document Last Updated: 03 JUNE 2008

Product Versions ESX Server 3i version 3.5
Patch Classification Security
Virtual Machine Migration or Reboot Required No
ESX Server Host Reboot Required No
PRs Fixed 244313, 244316, 259537, 259574, 144382, 225506
Affected Hardware N/A
Affected Software
  • Windows guest operating systems
  • Linux guest operating systems
RPMs Included

VMware-esx-tools

Related CVE numbers CVE-2008-2100

Solution

Summaries and Symptoms

Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.  (PRs 244313, 244316, 259537, 259574)

    The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers.

    The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. This default value for this setting is "disabled."

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue.

  • A fix to allow the vm-support script to upload all the data it collects from a Windows guest to the virtual machine's log file, vmware.log. (PR 144382)

  • An error message now displays to alert users that connecting to a remote client device from a Linux guest's VMware Tools is not possible. (PR 225506)

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table, above.

Patch Download and Installation

For information on using VMware Update Manager to automatically update ESX Server 3i hosts, see the VMware Update Manager Administration Guide.

ESX Server 3i hosts can also be updated by downloading the most recent "O" (offline) patch bundle from http://www.vmware.com/download/vi/vi3_patches_3i.html and installing the bundle using the Remote Command Line Interface (RCLI). For more information on using the RCLI and the vihostupdate command to update ESX Server 3i hosts, see the ESX Server 3i Configuration Guide and the ESX Server 3i Embedded Setup Guide or the ESX Server 3i Installable Setup Guide.
 
The offline patch bundle ESXe350-200805501-O-SG for the 03 JUNE 2008 release contains the following bundles:
  • ESXe350-200805501-I-SG: Firmware Update - Contains several fixed issues. See KB 1004172 for details.
  • ESXe350-200805502-T-SG: VMware Tools Update for ESXi - Described in this KB.
  • ESXe350-200805503-C-SG: VI Client update for ESXi - This bundle syncs up VI Client with the most recent version from Update 1. See KB 1005073 for details.

Note: ESX Server 3i hosts do not reboot automatically when using the RCLI and the vihostupdate command. The hosts must be manually rebooted after any update has been installed. Please refer to the guides listed above for more information or for information on how to perform updates so that they can be rolled back after installation.

Keywords

esx35p04

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: