ESX Server 3.0.0, Patch ESX-3069097: OpenSSL, Python, and OpenSSH Security Fixes

Details

Security Fixes

Refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

A possible security issue with the OpenSSL toolkit and the authentication of SSL certificates. Clients using OpenSSL and connecting to a malicious server can be caused to crash. The patch also addresses an issue when using RSA keys with an exponent of 3 that allows the forging of PKCS #1 v1.5 signatures and prevents OpenSSL from properly verifying X.509 and other certificates. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, and CVE-2006-4343 to these issues.
A possible security issue with how the Python function repr() handles UTF-32/UCS-4 strings. Python applications using this function can open a security vulnerability that can allow the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-4980 to this issue.
Possible security issues with OpenSSH where a signal handler race condition or an SSH-1 command could be used to create a denial of service. An issue exists regarding sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 where the end of a privileged session is not properly signaled, leaving an avenue to create a denial of service. This patch also addresses a possible vulnerability in the way that SCP copies files locally, creating a possible avenue to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CAN-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

Solution

Applicability

This patch is for ESX Server 3.0.0 only. For the related patch for ESX Server 3.0.1, refer to http://kb.vmware.com/kb/9986131.

Installing the Patch

Download Instructions

Download and verify the patch bundle as follows:

Download patch ESX-3069097 from http://www.vmware.com/download/vi/vi3_patches.html.
Log into the ESX Server service console as root.
Create a local depot directory.
# mkdir /var/updates

Note: VMware recommends that you use the updates directory.
Change your working directory to /var/updates.
# cd /var/updates
Download the tar file into the /var/updates directory.
Verify the integrity of the downloaded tar file.
# md5sum ESX-3069097.tgz
The md5 checksum output should match the following:
ca9947239fffda708f2c94f519df33dc ESX-3069097.tgz
Extract the compressed tar archive.
# tar -xvzf ESX-3069097.tgz
Change to the newly created directory, /var/updates/ESX-3069097.
# cd ESX-3069097

Installation Instructions

After you have downloaded and extracted the archive, and if you are in the directory you created above, install the update using the following command:

# esxupdate update

If you want to run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-3069097 update

For example, if the host is called depot:

# esxupdate –r file:///depot/var/updates/ESX-3069097 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below:

# esxupdate -v 10 -r file://<directory>/ESX-3069097 update

For more information on using esxupdate, please refer to the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.

Keywords

esx300;esxpatch

Feedback

Actions

KB Article: 3069097
Updated: Aug 14, 2009

Products:
VMware ESX
Product Versions:
VMware ESX 3.0.x

Knowledge Base

Search the Knowledge Base: