VMware ESX Server 3i, Patch ESXe350-200805502-T-SG: VMware Tools Update (1004173)
Release Date: 03 JUNE 2008
Document Last Updated: 03 JUNE 2008
|Product Versions||ESX Server 3i version 3.5|
|Virtual Machine Migration or Reboot Required||No|
|ESX Server Host Reboot Required||No|
|PRs Fixed||244313, 244316, 259537, 259574, 144382, 225506|
|Related CVE numbers||CVE-2008-2100|
Summaries and Symptoms
Issues fixed in this patch (and their relevant symptoms, if applicable) include:
- Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. (PRs 244313, 244316, 259537, 259574)
The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers.
The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. This default value for this setting is "disabled."
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue.
- A fix to allow the vm-support script to upload all the data it collects from a Windows guest to the virtual machine's log file, vmware.log. (PR 144382)
- An error message now displays to alert users that connecting to a remote client device from a Linux guest's VMware Tools is not possible. (PR 225506)
None beyond the required patch bundles and reboot information listed in the table, above.
Patch Download and Installation
For information on using VMware Update Manager to automatically update ESX Server 3i hosts, see the VMware Update Manager Administration Guide.
- ESXe350-200805501-I-SG: Firmware Update - Contains several fixed issues. See KB 1004172 for details.
ESXe350-200805502-T-SG: VMware Tools Update for ESXi - Described in this KB.
ESXe350-200805503-C-SG: VI Client update for ESXi - This bundle syncs up VI Client with the most recent version from Update 1. See KB 1005073 for details.
Note: ESX Server 3i hosts do not reboot automatically when using the RCLI and the vihostupdate command. The hosts must be manually rebooted after any update has been installed. Please refer to the guides listed above for more information or for information on how to perform updates so that they can be rolled back after installation.