Security Response to CA-2002-23: Installing OpenSSL Patch to Correct Vulnerabilities in VMware GSX Server 2.0.0 and 2.0.1

Details

How do I install the OpenSSL patch to correct the vulnerabilities reported in CERT Advisory CA-2002-23 on July 30, 2002 (www.cert.org/advisories/CA-2002-23.html)?

How do I verify if my system has been patched?

Solution

VMware GSX Server 2.0.0 build 2050 and 2.0.1 build 2129 (for Windows) use OpenSSL versions 0.9.6c and 0.9.6e, which have known vulnerabilities that can permit a remote attacker to execute arbitrary code or create a denial of service.

VMware GSX Server 2.5 uses the correct OpenSSL 0.9.6g patch and is not subject to the above vulnerabilities. VMware strongly encourages GSX Server 2.0.x users to upgrade to version 2.5.

VMware GSX Server 1.0 and VMware Workstation do not use OpenSSL and are therefore not subject to the above vulnerabilities.

All VMware GSX Server 2.0.1 build 2129 (for Windows) users are strongly urged to install the OpenSSL 0.9.6g patch that fixes known OpenSSL vulnerabilities. GSX Server 2.0.0 (for Windows) users who cannot upgrade to 2.0.1 should also install this patch; however, upgrading to 2.0.1 first is preferred because of other security fixes in that release.

To verify whether your VMware GSX Server 2.0.0 or 2.0.1 (for Windows) system has been patched, run this command from a Windows command prompt (this is the default install location; your installed location may vary). The quotation marks are required because the path contains spaces:
"C:\Program Files\VMware\VMware GSX Server\openssl" version

If the command returns:
"OpenSSL 0.9.6g 09 Aug 2002"

your system has already been patched and no further steps are necessary.

If the command indicates an earlier version of OpenSSL, the patch is not installed on your system. Please take the following steps to install the patch:

  1. Download the OpenSSL patch from
    www.vmware.com/download/gsx_security.html.
  2. Stop or suspend any virtual machines which are running on the GSX Server host.
  3. Close any open VMware Management Interface and VMware Remote Console sessions connected to the GSX Server host.
  4. Open the Services window to stop two VMware services. Choose Start > Programs > Administrative Tools > Services. Right-click the VMware Authorization Service and select Stop.
  5. In the Services window, right-click the VMware Registration Service and select Stop.
  6. Unzip the downloaded patch.
    1. Extract the files openssl.exe, libeay32.dll and ssleay32.dll to each of the following directories:
      • C:\Program Files\VMware\VMware GSX Server
      • C:\Program Files\VMware\VMware Management Interface
      • C:\Program Files\VMware\VMware Remote Console
      • C:\Program Files\VMware\VMware VmCOM Scripting API
      • C:\Program Files\VMware\VMware VmPerl Scripting API
    2. When asked if you want to replace the existing files, select "Yes."
    3. Extract openssl.exe to
      C:\Program Files\VMware\VMware GSX Server\ssl
      You need to create a folder called "ssl."

    Note: If you installed in a non-default location, you must adjust the location selected for extracting the patched files.
  7. Restart the VMware Registration Service. In the Services window, right-click the VMware Registration Service and select Start.
  8. Restart the VMware Authorization Service. In the Services window, right-click the VMware Authorization Service and select Start.
  9. You may now resume or restart any virtual machines on the GSX Server host.
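
The version check above looks only at the GSX Server directory, while the patch is copied into several. The following batch script is an added example, not part of VMware's patch or documentation: it confirms that all three files are present in each of the five directories and that each copy of openssl.exe reports the patched version. It assumes the default install paths from step 6 and that the copy of openssl.exe in each directory reports its version the same way as the one in the GSX Server directory.

```bat
@echo off
rem Added example, not VMware's script. Assumes the default install paths
rem listed in the steps above; change BASE for a non-default location.
setlocal EnableDelayedExpansion
set "BASE=C:\Program Files\VMware"
set "EXPECTED=OpenSSL 0.9.6g 09 Aug 2002"
set FAIL=0

rem The five directories that receive openssl.exe, libeay32.dll and ssleay32.dll.
for %%D in (
    "VMware GSX Server"
    "VMware Management Interface"
    "VMware Remote Console"
    "VMware VmCOM Scripting API"
    "VMware VmPerl Scripting API"
) do call :check "%BASE%\%%~D"

rem The ssl subfolder receives openssl.exe only, so only its presence is checked.
if not exist "%BASE%\VMware GSX Server\ssl\openssl.exe" (
    echo MISSING  ssl\openssl.exe under VMware GSX Server
    set FAIL=1
)

if %FAIL%==0 echo All five directories report "%EXPECTED%".
if %FAIL%==1 echo At least one location is missing a file or reports an older OpenSSL.
exit /b %FAIL%

:check
set "TARGET=%~1"
set "VER="
for %%F in (openssl.exe libeay32.dll ssleay32.dll) do (
    if not exist "!TARGET!\%%F" (
        echo MISSING  !TARGET!\%%F
        set FAIL=1
    )
)
if not exist "%TARGET%\openssl.exe" goto :eof
rem Run the copy that sits in this directory and capture its version line.
pushd "%TARGET%"
for /f "delims=" %%V in ('.\openssl.exe version') do set "VER=%%V"
popd
if "!VER!"=="%EXPECTED%" (
    echo OK       !TARGET!
) else (
    echo STALE    !TARGET! reports "!VER!"
    set FAIL=1
)
goto :eof
```

The script exits with code 0 only when every location passes, so it can be run after step 8 as a final check.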
