VMware ESX 3.5, Patch ESX350-200808405-SG: Security Update to the Net-SNMP Package of the Service Console (1005814)
Summaries and Symptoms
This patch fixes the following security issues:
A flaw was found in the way Net-SNMP checks an SNMP version 3 packet's Keyed-Hash Message Authentication Code (HMAC). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2008-0960 to this issue.
A buffer overflow was found in the Perl bindings for Net-SNMP. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2008-2292 to this issue.
Patch Download and Installation
See the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX Server 3.5 hosts.
To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://support.vmware.com/selfsupport/download/ and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.