ESX Server 3.0.1, Patch ESX-1004186: VMware VIX API Memory Overflow Vulnerabilities; VMware Tools Local Privilege Escalation on Windows-based GOS; Unable to Browse NFS or Networking Shares; Pre-Built Modules for VMware Tools (1004186)
The VIX API (also known as Vix) is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers. Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.
The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. The default value for this setting is "disabled." This configuration setting is present in the following products:
VMware Workstation 6.0.2 and higher
VMware ACE 6.0.2 and higher
VMware Server 1.06 and higher
VMware Fusion 1.1.2 and higher
ESX Server 3.0 and higher
ESX Server 3.5 and higher
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. To complete the fix, install ESX-1004186 and ESX-1004725.
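One way to check which virtual machines have the vix.inGuest.enable setting switched on, as an added example that is not VMware's code. It assumes the setting is stored in each .vmx file as vix.inGuest.enable = "TRUE" (key = "value"); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find .vmx files that switch the VIX guest setting on.
# Assumption: the setting is written as  vix.inGuest.enable = "TRUE"  (key = "value").

# Print the lower-cased value of vix.inGuest.enable in one .vmx file,
# or "unset" when the key is absent (the default is disabled).
vix_inguest_value() {
    awk '
        {
            key = $0
            sub(/=.*/, "", key)            # text before the first "="
            gsub(/[ \t]/, "", key)
        }
        tolower(key) == "vix.inguest.enable" && index($0, "=") {
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*"?/, "", val)      # strip leading blanks and quote
            sub(/"?[ \t\r]*$/, "", val)    # strip trailing quote, blanks, CR
            found = tolower(val)           # if the key repeats, report the last one
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Print "ENABLED  <path>" for each .vmx under directory $1 that enables the setting.
audit_vix_inguest() {
    find "$1" -type f -name '*.vmx' | sort | while IFS= read -r vmx; do
        if [ "$(vix_inguest_value "$vmx")" = "true" ]; then
            printf 'ENABLED  %s\n' "$vmx"
        fi
    done
}

# With no argument, run on two constructed .vmx files; otherwise audit directory $1.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp -d)
    printf 'vix.inGuest.enable = "TRUE"\n' > "$demo/constructed-a.vmx"
    printf 'vix.inGuest.enable = "FALSE"\n' > "$demo/constructed-b.vmx"
    audit_vix_inguest "$demo"
    rm -rf "$demo"
else
    audit_vix_inguest "$1"
fi
```

An empty result means no .vmx file under the directory sets the key to TRUE; files that omit the key are treated as using the disabled default.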
The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. This is a guest driver vulnerability and not a vulnerability on the ESX Server host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the ESX Server host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is the case regardless of whether the ESX Server host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows-based guests. However, this is not recommended as it would impact usability of the product. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue.
Unable to browse NFS or other networking shares from a Windows virtual machine, when VMware Tools is installed.
Pre-built Modules for installing VMware Tools on SUSE Linux Enterprise Server 9 SP4.
Access to networking shares might not be possible. For example, if you are accessing an NFS share on a Solaris machine from a Windows 2003 SP1 virtual machine, you will be unable to access the share and might encounter the 404 Page not found error.
When trying to install VMware Tools, VMware Tools generates the following message and fails to continue until the gcc location and kernel source files are specified manually.
Download and verify the patch bundle as follows:
3. Create a local depot directory.
# mkdir -p /var/updates
Note: VMware recommends that you use the updates directory.
4. Change your working directory to /var/updates.
# cd /var/updates
The md5 checksum output should match the following:
7. Extract the compressed tar archive:
# tar -xvzf ESX-1004186.tgz
8. Change to the newly created directory, /var/updates/ESX-1004186:
# cd ESX-1004186
Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch.
After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:
# esxupdate update
To run esxupdate from a different directory, you must specify the bundle path in the command:
# esxupdate -r file://<directory>/ESX-1004186 update
For example, if the host is called depot:
# esxupdate -r file:///depot/var/updates/ESX-1004186 update
During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.
# esxupdate -v 10 -r file://<directory>/ESX-1004186 update
For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf .