ESX Server 3.0.2, Patch ESX-1004216: VMkernel LVM driver Might Stop Responding; VMware VIX API Memory Overflow Vulnerabilities; Snapshot Operations Might Fail Under High I/O Stress (1004216)
The identity of a LUN can change unexpectedly due to certain disk array configuration events. This patch prevents the Logical Volume Manager (LVM) from entering a non-responsive state.
The VIX API (also known as Vix) is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers. Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.
The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. The default value for this setting is "disabled." This configuration setting is present in the following products:
VMware Workstation 6.0.2 and higher
VMware ACE 6.0.2 and higher
VMware Server 1.06 and higher
VMware Fusion 1.1.2 and higher
ESX Server 3.0 and higher
ESX Server 3.5 and higher
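One way to check which virtual machines have the setting switched on is to scan their configuration files. The script below is an added example, not VMware code; it assumes .vmx lines of the form key = "value", assumes the setting is written as "TRUE" or "FALSE", and takes the directory to scan as a hypothetical argument.

```shell
#!/bin/sh
# Added example: audit .vmx files for the vix.inGuest.enable setting.
# Assumptions: lines look like  key = "value"  and the value is TRUE or FALSE;
# a missing key means the default, which the advisory gives as disabled.

# vix_state FILE -> prints enabled | disabled | unset | unknown:<value>
# If a file holds conflicting entries, any TRUE is reported as enabled.
vix_state() {
    awk -F= '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "vix.inguest.enable" {
            v = $0
            sub(/^[^=]*=/, "", v)        # keep everything after the first "="
            gsub(/[ \t\r"]/, "", v)      # drop spaces, CRs and quotes
            v = toupper(v)
            seen = 1
            if (v == "TRUE") on = 1
            else if (v != "FALSE") { bad = 1; odd = v }
        }
        END {
            if (on)        print "enabled"
            else if (bad)  print "unknown:" odd
            else if (seen) print "disabled"
            else           print "unset"
        }' "$1"
}

# audit_vix DIR -> one "state<TAB>path" line per .vmx file under DIR.
# Returns 1 if any file is enabled or has an unrecognised value, else 0.
audit_vix() {
    rc=0
    list=$(mktemp) || return 2
    find "$1" -type f -name '*.vmx' > "$list"
    while IFS= read -r f; do
        s=$(vix_state "$f")
        printf '%s\t%s\n' "$s" "$f"
        case $s in enabled|unknown:*) rc=1 ;; esac
    done < "$list"
    rm -f "$list"
    return $rc
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_vix "$1"
fi
```

A non-zero exit status means at least one configuration file needs review.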
While running performance and benchmarking applications like IOzone or MemHog, performing a snapshot consolidate operation might cause the virtual machine to stop responding and generate a KERNEL_STACK_INPAGE_ERROR or SYSTEM_SERVICE_EXCEPTION (77) error.
Download and verify the patch bundle as follows:
3. Create a local depot directory.
# mkdir -p /var/updates
Note: VMware recommends that you use the updates directory.
4. Change your working directory to /var/updates.
# cd /var/updates
The md5 checksum output should match the following:
7. Extract the compressed tar archive:
# tar -xvzf ESX-1004216.tgz
8. Change to the newly created directory, /var/updates/ESX-1004216:
# cd ESX-1004216
Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch. A reboot of the ESX Server host is required after applying this patch.
After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:
# esxupdate update
To run esxupdate from a different directory, you must specify the bundle path in the command:
# esxupdate -r file://<directory>/ESX-1004216 update
For example, if the host is called depot:
# esxupdate -r file:///depot/var/updates/ESX-1004216 update
During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.
# esxupdate -v 10 -r file://<directory>/ESX-1004216 update
For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.