VMware Security Advisory: VMware ESX third party update for Service Console : @VMblog

Article

Search:

Follow VMblog.com:

Is your Office 365 data protected? Find out more.

VMware Security Advisory: VMware ESX third party update for Service Console

VMware ESX Service Console OS (COS) kernel update for VMware ESX 4.1 without patch ESX410-201011001:

Problem Description:

Service Console OS update for COS kernel package.

This patch updates the Service Console kernel to fix a stack pointer underflow issue in the 32-bit compatibility layer.

Exploitation of this issue could allow a local user to gain additional privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3081 to this issue.

VMware Product Running Replace with/ Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi any ESXi not affected

ESX 4.1 ESX ESX410-201011402-SG
ESX 4.0 ESX patch pending
ESX 3.x ESX not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

Solution:

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 4.1
-------
ESX410-201011001
Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-253-20101122-763
417/ESX410-201011001.zip
md5sum: e73fd3302529c1d85d9cc47457dfb963
sha1sum: c0e0eac907c04105791ac44e288e7d8076dc14e0
http://kb.vmware.com/kb/1029400

ESX410-201011001 contains the following security bulletins:
ESX410-201011402-SG (COS kernel) | http://kb.vmware.com/kb/1029397

ESX410-201011001 also contains the following non-security bulletins
ESX410-201011401-BG

To install an individual bulletin use esxupdate with the -b option.

References:

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081