ESX Server 3.0.1, Patch ESX-1004189: Service Console Security Update for Kerberos 5

Details

Release Date: 06/03/08

Document Last Updated: 06/03/08

Download Size:
656 KB
Download Filename:
ESX-1004189.tgz
md5sum:

21b620530b99009f469c872e73a439e8

Product Versions	ESX Server 3.0.1
Patch Classification	Security
Supersedes	ESX-1001723
Virtual Machine Migration or Reboot Required	No
ESX Server Host Reboot Required	No
PRs Fixed	253649
Affected Hardware	N/A
Affected Software	Kerberos 5
RPMs Included	krb5-libs-1.2.7-68
Related CVE numbers	CVE-2008-0062 CVE-2008-0063 CVE-2008-0948

Summary

This patch includes a critical security update to the service console to fix issues in Kerberos 5 . The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-0062, CVE-2008-0063, and CVE-2008-0948 to these issues.

These issues are described as follows at cve.mitre.org:

KDC in MIT Kerberos 5 does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted messages that trigger a NULL pointer de-reference or a double-free error.(CVE-2008-0062)

Note: ESX Server doesn't contain the krb5kdc binary and is not vulnerable to this issue.
The Kerberos 4 support in KDC in MIT Kerberos 5 does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information.(CVE-2008-0063)

Note: ESX Server doesn't contain the krb5kdc binary and is not vulnerable to this issue.
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering a large number of open file descriptors. (CVE-2008-0948)

Solution

Symptoms

No symptoms are available for this issue.

Deployment Considerations

N/A

Download Instructions

Download and verify the patch bundle as follows:

1. Download patch ESX-1004189 from http://www.vmware.com/download/vi/vi3_patches.html .

2. Log in to the ESX Server service console as root.

3. Create a local depot directory.

# mkdir -p /var/updates

Note: VMware recommends that you use the updates directory.

4. Change your working directory to /var/updates.

# cd /var/updates

5. Download the tar file into the /var/updates directory.

6. Verify the integrity of the downloaded tar file:

# md5sum ESX-1004189.tgz

The md5 checksum output should match the following:

21b620530b99009f469c872e73a439e8 ESX-1004189.tgz

7. Extract the compressed tar archive:

# tar -xvzf ESX-1004189.tgz

8. Change to the newly created directory, /var/updates/ESX-1004189:

# cd ESX-1004189

Installation Instructions

After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:

# esxupdate update

To run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-1004189 update

For example, if the host is called depot:

# esxupdate -r file:///depot/var/updates/ESX-1004189 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.

# esxupdate -v 10 file://<directory>/ESX-1004189 update

For more information how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf .

Keywords

esxpatch;esx301;alertz;urlz

Feedback

Actions

KB Article: 1004189
Updated: Aug 14, 2009

Product Versions:
VMware ESX 3.0.x

Knowledge Base

Search the Knowledge Base: