ESX Server 3.0.2, Patch ESX-1004727: VMware VIX API Memory Overflow Vulnerabilities; VMware Tools Local Privilege Escalation on Windows-Based GOS; Unable to Browse NFS or Networking Shares; Pre-Built Modules for VMware Tools (1004727)

Details

Release Date: 06/03/08
Document Last Updated: 06/03/08
 
31a67b0fa3449747887945f8d370f19e


Product Versions: ESX Server 3.0.2
Patch Classification: Security
Supersedes:
Virtual Machine Migration or Reboot Required: No
ESX Server Host Reboot Required: No
PRs Fixed: 259575, 265676, 221068, 236171, 219894, 271117, 270658
Affected Hardware: N/A
Affected Software: Unknown
RPMs Included: VMware-esx-tools
Related CVE numbers: CVE-2007-5671, CVE-2008-2100

Summary

This patch fixes the following issues:
  • The VIX API (also known as Vix) is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers. Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.
     
    The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. The default value for this setting is "disabled." This configuration setting is present in the following products:
     
    • VMware Workstation 6.0.2 and higher
    • VMware ACE 6.0.2 and higher
    • VMware Server 1.06 and higher
    • VMware Fusion 1.1.2 and higher
    • ESX Server 3.0 and higher
    • ESX Server 3.5 and higher
     
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. To complete the fix, install ESX-1004727, ESX-1004216, and ESX-1004726.
     
  • The VMware Tools package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. This is a guest driver vulnerability and not a vulnerability on the ESX Server host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the ESX Server host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is the case regardless of whether the ESX Server host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows-based guests. However, this is not recommended, as it would impact usability of the product.
     
    NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system.
     
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue.
     
  • Unable to browse NFS or other networking shares from a Windows virtual machine when VMware Tools is installed.
     
  • Pre-built Modules for installing VMware Tools on SUSE Linux Enterprise Server 9 SP4.
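
To find virtual machines where the vix.inGuest.enable setting described in the first item has been changed from its default, the following added example (not VMware code) scans a directory tree of .vmx configuration files and reports the state of the setting in each. It assumes the value is written as "TRUE" or "FALSE"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report vix.inGuest.enable for every .vmx file under a directory.
# Assumption: the setting is stored as  vix.inGuest.enable = "TRUE"  or "FALSE".
# A file without the key is reported as the default (disabled, per the article).

# Print the lowercased value of key $2 in .vmx file $1 (last assignment wins).
# Keys are compared case-insensitively so a differently cased key is not missed.
vmx_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/\r$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (tolower(k) == tolower(key)) val = tolower(v)
        }
        END { print val }
    ' "$1"
}

# Print "<state> <path>" per .vmx file; anything not TRUE/FALSE is "unknown".
audit_vix() {
    find "$1" -type f -name '*.vmx' | sort | while IFS= read -r f; do
        case "$(vmx_get "$f" vix.inGuest.enable)" in
            true)     echo "enabled $f" ;;
            false|"") echo "disabled $f" ;;
            *)        echo "unknown $f" ;;
        esac
    done
}

# Number of .vmx files that need review (enabled or unrecognised value).
count_vix_review() {
    audit_vix "$1" | grep -c -v '^disabled ' || true
}

# When called with a directory argument, print the per-file report.
if [ "$#" -gt 0 ]; then audit_vix "$1"; fi
```

Files reported as "enabled" or "unknown" are the ones to prioritise for the patches listed for CVE-2008-2100.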

Solution

Symptoms

The following issues occur without this patch:
  • Access to networking shares might not be possible. For example, if you are accessing an NFS share on a Solaris machine from a Windows 2003 SP1 virtual machine, you will be unable to access the share and might encounter the 404 Page not found error.
     
  • When trying to install VMware Tools, VMware Tools generates the following message and fails to continue until the gcc location and kernel source files are specified manually.
     
    None of the pre-built vmmemctl modules for VMware tools is suitable for your running kernel. Do you want this program to try to build the vmmemctl module for your system (you need to have a C compiler installed on your system)? [yes]   

Deployment Considerations

N/A 
 
Download Instructions   

Download and verify the patch bundle as follows:

1.      Download patch ESX-1004727 from http://www.vmware.com/download/vi/vi3_patches.html .
 
2.      Log in to the ESX Server service console as root.
 

3.      Create a local depot directory.

# mkdir -p /var/updates

Note: VMware recommends that you use the updates directory.

4.      Change your working directory to /var/updates.

# cd /var/updates

5.      Download the tar file into the /var/updates directory.
 
6.      Verify the integrity of the downloaded tar file:
 
# md5sum ESX-1004727.tgz

The md5 checksum output should match the following:

31a67b0fa3449747887945f8d370f19e ESX-1004727.tgz
 

7.      Extract the compressed tar archive:

# tar -xvzf ESX-1004727.tgz

8.      Change to the newly created directory, /var/updates/ESX-1004727:

# cd ESX-1004727
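
Steps 6 and 7 can be combined so that extraction happens only when the checksum matches. The script below is an added example, not part of the VMware procedure, and its function names are illustrative. It goes beyond the listed steps by also refusing archives whose member paths are absolute or contain "..", since the bundle is extracted as root.

```shell
#!/bin/sh
# Added example: extract a patch bundle only if its MD5 matches the published one.
# Function names are illustrative; they are not VMware tools.

# Return 0 if the MD5 of file $1 equals $2 (compared case-insensitively).
verify_bundle() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(md5sum "$1" | awk '{ print tolower($1) }')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $1: got $actual, expected $expected" >&2
        return 1
    fi
}

# Return 0 only if no archive member is absolute or has a ".." path component.
paths_are_safe() {
    tar -tzf "$1" | awk -F/ '
        /^\// { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
        END { exit bad + 0 }'
}

# Verify bundle $1 against MD5 $2, then extract it into depot directory $3.
extract_verified() {
    verify_bundle "$1" "$2" || return 1
    paths_are_safe "$1" || { echo "unsafe member path in $1" >&2; return 1; }
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# With the values from this article:
#   extract_verified /var/updates/ESX-1004727.tgz \
#       31a67b0fa3449747887945f8d370f19e /var/updates
```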

Installation Instructions

After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:

# esxupdate update

To run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-1004727 update

For example, if the host is called depot:

# esxupdate -r file:///depot/var/updates/ESX-1004727 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.

# esxupdate -v 10 -r file://<directory>/ESX-1004727 update

For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf
