Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

What Is VMSA-2006-0004, Several Security Issues Affecting ESX Server 2.5.x? (2118366)

Details

VMware Security Advisory VMSA-2006-0004

Synopsis

Several security issues affecting ESX 2.5.x

CVE identifiers
CVE-2005-3618
CVE-2005-3620
CVE-2006-2481
CVE URLs
Response issued on 2006-07-26
Response updated on 2006-07-26

Relevant Releases

VMware ESX 2.5.3 prior to upgrade patch 2
VMware ESX 2.1.3 prior to upgrade patch 1
VMware ESX 2.0.2 prior to upgrade patch 1
 
Problem Description
 
An unauthorized user could potentially construct a specially crafted URL that might change a known user's password. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-3618 to this issue.
 
A local user could view potentially sensitive information. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2005-3620 to this issue.
 
If an attacker can gain access to browser cookies by any mechanism, such as through a cross site scripting attack, then they could acquire not only the session ID, but also the authentication credentials. The Common Vulnerabilities and Exposures (CVE) project has assigned the CVE-2006-2481 to this issue.
 
Note: This issue was fixed in ESX Server 2.5.3, ESX Server 2.5.2 Patch 4, and ESX Server 2.0.2 and later.

Solution

Upgrade to the latest packages: www.vmware.com/download/esx/.  

Installing the Update

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines and shut down your server.
  2. Restart your system.
  3. At the LILO boot menu, select the Linux option. Allow the system start procedure to complete.
  4. As root, log on to the ESX Server service console in Linux mode. Make sure your path variable contains /usr/bin:/bin.
  5. Download the TAR file into a temporary directory under /root on your ESX Server service console.
  6. Change directories to that temporary directory.
  7. Verify the integrity of the package for your version:
    # md5sum esx-*-upgrade.tar.gz

    The md5 checksum output should match one of the following:
    50c3260176c8cc33ad3bc880a20a4656 esx-2.5.3-28065-upgrade.tar.gz
    ddb67afe2a48a04fb764af2497d6b75c esx-2.5.3-27728-upgrade.tar.gz
    ce112a1d17893fbe5b47dfb011468269 esx-2.1.3-27733-upgrade.tar.gz
    7f9b2367bbc54f29586ade0e1e286837 esx-2.0.2-27920-upgrade.tar.gz
  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.0.1-18595-upgrade.tar.gz
  9. Change directories to the newly created directory
    # cd esx-2.0.1-18595-upgrade
  10. Run the patch installer:
    # /usr/bin/perl ./upgrade.pl

    Note: Once you start the installation script, do not enter keyboard escape commands such as Ctrl-C or Ctrl-D. Using escape commands will interrupt the upgrade procedure and leave your system partially upgraded.
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server system. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message:
    Please reboot the server manually for this update to take effect. Update has been terminated unexpectedly.

    If you see this message, you must manually reboot the server to complete the driver update.
  12. At the reboot prompt, enter Y to reboot the server.

References

www.corsaire.com/advisories/c060512-001.txt
www.corsaire.com/advisories/c051114-002.txt
www.corsaire.com/advisories/c051114-002.txt
www.vmware.com/products/esx/
www.vmware.com/download/esx/  

Acknowledgments

VMware would like to thank Stephen de Vries and Martin O'Neal of the security consultancy Corsaire Limited (www.corsaire.com/).

Contact

www.vmware.com/security

Keywords

alertz; urlz; VMSA; VMSA-2006-0004; CVE-2005-3618; CVE-2005-3620 CVE-2006-2481

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: