Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

ESX Server 3.0.2, Patch ESX-1006361: Security and Other Fixes for VMware-esx-vmx, VMware-esx-vmkernel, and VMware-esx-apps RPMs

Details

Release Date: 09/30/08
Document Last Updated: 10/6/08
 

f5c997ee045ba190e41f75b65e67c309
Product Versions
ESX Server 3.0.2
Patch Classification
Security
Supersedes
Virtual Machine Migration or Reboot Required
Yes
ESX Server Host Reboot Required
Yes
PRs Fixed
157117, 296333, 302726, 309810, 238850, 193839
Affected Hardware
N/A
Affected Software
Virtual E1000 NIC, Windows Server 2003 64-bit Enterprise operating systems, 64-bit Windows and FreeBSD guest operating systems
RPMs Included
VMware-esx-vmx, VMware-esx-vmkernel, VMware-esx-apps
Related CVE numbers
CVE-2008-4279

Summary

This patch fixes the following issues:
  • Guest operating systems generate host bus adapters warnings in the recent Linux kernels containing the ata_piix4 driver. Hard disks and CD-ROM drives are not recognized.
  • When using the virtual E1000 NIC, sometimes the vmkernel might try accessing pages beyond the physical memory range of the guest operating systems causing the virtual E1000 NIC to stop responding.

  • Any user running an info-get command with an invalid key in the guest operating system might cause the virtual machine to stop responding. The info-get command run on Windows operating systems is VMwareService -cmd "info-get" . The info-get command run on Linux operating systems is vmware-guestd --cmd "info-get"

  • Under certain conditions, running a Wireshark capture on a Windows Server 2003 Enterprise x64 virtual machine containing E1000 adapter causes the virtual machine to stop responding and be powered off.
  • The range track overflows and triggers flushing of all dependent translation-lookaside buffers (TLBs) causing serious performance impact. 

  • VMware addresses an in-guest privilege escalation on 64-bit guest operating systems.

Solution

Symptoms

The following issue might be seen on systems without this patch:
  • In a corner case, network service might stop on 64-bit guest operating systems using Virtual e1000 NIC with the following message logged in vmkernel .
    WARNING: Alloc: 3412: vm 1212: ppn=0xc0000 out of range: 0x0-0xc0000 (count=2)
    WARNING: P2MCache: vm 1212: 478: GetPhysMemRange failed: PPN 0xc0000 canBlock 0 status Bad parameter

  • VMware addresses an in-guest privilege escalation on 64-bit guest operating systems.

    VMware products emulate hardware functions including CPU, memory, and I/O.

    A flaw in VMware's CPU hardware emulation could allow the virtual CPU to jump to an incorrect memory address. Exploitation of this issue on the guest operating system does not lead to a compromise of the host system, but could lead to a privilege escalation on guest operating systems. An attacker would need to have a user account on the guest operating system.

    Affected guest operating systems include 64-bit Windows, 64-bit FreeBSD, and possibly other 64-bit operating systems.

    The issue does not affect the 64-bit versions of Linux guest operating systems.

    VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4279 this issue.

Deployment Considerations

N/A

Download Instructions

Download and verify the patch bundle as follows:
  1. Download patch ESX-1006361 from http://www.vmware.com/download/vi/vi3_patches.html.

  2. Log in to the ESX Server service console as root.

  3. Create a local depot directory.

    # mkdir -p /var/updates

    Note: VMware recommends that you use the updates directory.

  4. Change your working directory to /var/updates.

    # cd /var/updates
  5. Download the tar file into the /var/updates directory.

  6. Verify the integrity of the downloaded tar file:

    # md5sum ESX-1006361.tgz

    The md5 checksum output should match the following:

    f5c997ee045ba190e41f75b65e67c309 ESX-1006361.tgz
  7. Extract the compressed tar archive:

    # tar -xvzf ESX-1006361.tgz
  8. Change to the newly created directory, /var/updates/ESX-1006361:

    # cd ESX-1006361

Installation Instructions

Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch. A reboot of the ESX Server host is required after applying this patch.
 
After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:

# esxupdate update

To run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-1006361 update

For example, if the host is called depot:

# esxupdate -r file:///depot/var/updates/ESX-1006361 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown, below.

# esxupdate -v 10 file://<directory>/ESX-1006361 update

For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.

Keywords

esxpatch;esx302

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 1006361
  • Updated: Aug 14, 2009
  • Product Versions:
    VMware ESX 3.0.x