VMware ESXi 5.0, Patch ESXi500-201206401-SG: Updates esx-base (2021030)

Details

Release date: June 14, 2012

Patch Category: Security
Patch Severity: Critical
Build: For build information, see KB 2021031
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes
Affected Hardware: N/A
Affected Software: N/A
VIBs Included: VMware:esx-base:5.0.0-1.16.721882
PRs Fixed: 874644, 875224
Related CVE numbers: CVE-2012-3288, CVE-2012-3289

Solution

Summaries and Symptoms

This patch contains fixes for the following security issues:

VMware Host Checkpoint File Memory Corruption

Certain input data is not properly validated when loading checkpoint files. This might allow an attacker with the ability to load a specially crafted checkpoint file to execute arbitrary code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue.

The following workarounds and mitigating controls might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.

Workaround: None identified.

Mitigation: Do not import virtual machines from untrusted sources.

VMware Virtual Machine Remote Device Denial of Service

A device (for example CD-ROM or keyboard) that is available to a virtual machine while physically connected to a system that does not run the virtual machine is referred to as a remote device. Traffic coming from remote virtual devices is incorrectly handled. This might allow an attacker who is capable of manipulating the traffic from a remote virtual device to crash the virtual machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3289 to this issue.

The following workarounds and mitigating controls might be available to remove the potential for exploiting the issue and to reduce the exposure that the issue poses.

Workaround: None identified.

Mitigation:

  • Users need administrative privileges on the virtual machine in order to attach remote devices.
  • Do not attach untrusted remote devices to a virtual machine.

Patch Download and Installation

Patches are typically applied to ESXi hosts through VMware Update Manager. For details, see Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.
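
To confirm after patching that a host carries the fixed VIB, the following added example (not part of VMware's article) parses captured `esxcli software vib list` output and compares the esx-base version with the 5.0.0-1.16.721882 listed in this bulletin. The sample output, its column layout, the function names and the numeric ordering of version fields are assumptions.

```python
import re

# Fixed esx-base VIB version, taken from this bulletin.
FIXED = "5.0.0-1.16.721882"

# Constructed `esxcli software vib list` output; the column layout is an assumption.
SAMPLE = """\
Name         Version   Vendor  Acceptance Level  Install Date
-----------  --------  ------  ----------------  ------------
esx-base     {ver}  VMware  VMwareCertified   2012-01-01
tools-light  {ver}  VMware  VMwareCertified   2012-01-01
"""


def parse_version(text):
    """Split e.g. '5.0.0-1.16.721882' into a tuple of ints."""
    if not re.fullmatch(r"\d+(\.\d+)*-\d+(\.\d+)*", text):
        raise ValueError(f"unexpected VIB version format: {text!r}")
    return tuple(int(part) for part in re.split(r"[.-]", text))


def esx_base_version(vib_list_output):
    """Return the Version column of the esx-base row, or None if absent."""
    for line in vib_list_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "esx-base":
            return fields[1]
    return None


def patch_status(vib_list_output):
    """Return 'patched', 'missing-patch', 'out-of-scope' or 'unknown'."""
    version = esx_base_version(vib_list_output)
    try:
        installed = parse_version(version or "")
    except ValueError:
        return "unknown"
    fixed = parse_version(FIXED)
    # This bulletin is for ESXi 5.0; other release lines are not judged here.
    if installed[:3] != fixed[:3]:
        return "out-of-scope"
    # Assumption: version fields order numerically, left to right.
    return "patched" if installed >= fixed else "missing-patch"


if __name__ == "__main__":
    for ver in ("5.0.0-1.11.600000", FIXED):  # first value is constructed
        print(ver, patch_status(SAMPLE.format(ver=ver)))
```

A host reported as `missing-patch` or `unknown` still needs the bulletin applied or its output inspected by hand.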
