Summaries and Symptoms
Security update to the Openwsman component of the ESX service console to fix the issue described in SUSE Security Announcement SUSE-SA:2008:041, "Two remote buffer overflows while decoding the HTTP basic authentication header" (CVE-2008-2234).
ESX is not affected by the other issue described in that security announcement, "A possible SSL session replay attack affecting the client (depending on the configuration)" (CVE-2008-2233).
Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the ESX service console.
Additional Details for CVE-2008-2234
The Openwsman 2.0.0 management service on ESX 3.5 is vulnerable to the issue described by CVE-2008-2234, "Two remote buffer overflows while decoding the HTTP basic authentication header." Users without valid login credentials could potentially exploit this vulnerability.
Openwsman before 2.0.0 is not vulnerable to this issue. The ESX 3.5 patch ESX350-200808205-UG updated Openwsman to version 2.0.0. That patch is installed as part of the ESX Upgrade 2 release, or the patch can be installed individually.
This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
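CVE-2008-2234 concerns overflows while decoding the HTTP Basic authentication header. The C decoder below is an added illustration of how that class of bug is avoided, not Openwsman's code or VMware's patch: it checks the output bound before every byte is written. The function names, the 64-byte buffer and the sample header are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not base64. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode "Basic <base64(user:password)>" into out (capacity cap, NUL-terminated).
 * Returns the decoded length, or -1 if the header is malformed or the result
 * would not fit. The bound is checked before every byte is written. */
long basic_auth_decode(const char *hdr, char *out, size_t cap)
{
    static const char scheme[] = "Basic ";   /* exact-case match, for brevity */
    size_t n = 0;
    unsigned acc = 0;
    int bits = 0;
    if (!hdr || !out || cap == 0) return -1;
    if (strncmp(hdr, scheme, sizeof scheme - 1) != 0) return -1;
    for (hdr += sizeof scheme - 1; *hdr && *hdr != '='; hdr++) {
        int v = b64_val((unsigned char)*hdr);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= cap) return -1;     /* keep one byte for the NUL */
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    for (; *hdr; hdr++)                      /* only '=' padding may follow */
        if (*hdr != '=') return -1;
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    char cred[64];  /* fixed-size buffer; sample header is base64 of "user:pass" */
    long n = basic_auth_decode("Basic dXNlcjpwYXNz", cred, sizeof cred);
    printf("%ld %s\n", n, n >= 0 ? cred : "(rejected)");
    return 0;
}
```

A header whose decoded value does not fit the destination is rejected as a whole rather than truncated, so the caller never acts on a partial credential.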
To check if a vulnerable version of Openwsman is installed on your system, issue the following command from the service console:
# rpm -ql cim-smwg
The vulnerable version is cim-smwg-220.127.116.11-103202.
If you cannot apply this patch, you can stop the wsman service as a workaround.
From the service console issue the command:
# service wsman stop
This workaround is not persistent and will be undone after the next reboot.
Make Sure ESX350-200808205-UG Exists in Your Depot
ESX350-200808413-SG requires the installation of ESX 3.5 U2 refresh bundle ESX350-200808205-UG, irrespective of whether the ESX 3.5 U2 hot fix bundle ESX350-200806812-BG is currently installed or not. Make sure that ESX 3.5 U2 refresh bundle ESX350-200808205-UG is available in the local depot before installation.
Stop Openwsman Service Before Installation
Before installing this patch through the esxupdate utility or Update Manager, you must stop the Openwsman service and restart it after applying the patch.
Note: If the Openwsman service is not stopped before installing this patch, the service will not be in a running state after installation. The ESX host will require a reboot.
1. Log in to the service console as root.
2. Stop the Openwsman service:
   # service wsman stop
3. Install this patch.
4. Restart the Openwsman service:
   # service wsman start
Related esxupdate Issue
Based on VMware KB 1006878