Portal Home > Knowledgebase > VMware Knowledge Base > ESX Server 3.0.1, Patch ESX-1004186: VMware VIX API Memory Overflow Vulnerabilities; VMware Tools Local Privilege Escalation on Windows-based GOS; Unable to Browse NFS or Networking Shares; Pre-Built Modules for VMware Tools

ESX Server 3.0.1, Patch ESX-1004186: VMware VIX API Memory Overflow Vulnerabilities; VMware Tools Local Privilege Escalation on Windows-based GOS; Unable to Browse NFS or Networking Shares; Pre-Built Modules for VMware Tools


Release Date: 06/03/08
Document Last Updated: 06/03/08

Product Versions
ESX Server 3.0.1
Patch Classification
Virtual Machine Migration or Reboot Required
ESX Server Host Reboot Required
PRs Fixed
244321, 259538, 259542, 259544, 259575, 265676, 221068, 236171, 219894, 271117, 270658
Affected Hardware
Affected Software
RPMs Included
VMware-esx-tools, VMware-esx-vmx
Related CVE numbers
CVE-2008-2100, CVE-2007-5671


This patch fixes the following issues:
  • The VIX API (also known as Vix) is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers. Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.
    The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. This default value for this setting is "disabled." This configuration setting is present in the following products:
    • VMware Workstation 6.0.2 and higher
    • VMware ACE 6.0.2 and higher
    • VMware Server 1.06 and higher
    • VMware Fusion 1.1.2 and higher
    • ESX Server 3.0 and higher
    • ESX Server 3.5 and higher 
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. To complete the fix, install ESX-1004186 and ESX-1004725.
  • The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. This is a guest driver vulnerability and not a vulnerability on the ESX Server host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the ESX Server host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a ESX Server host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product.
    NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system.   
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue.
  • Unable to browse NFS or other networking shares from a Windows virtual machine, when VMware Tools is installed.
  • Pre-built Modules for installing VMware Tools on SUSE Linux Enterprise Server 9 SP4.



The following issues occur without this patch:
  • Access to networking shares might not be possible. For example, if you are accessing an NFS share on a Solaris machine from Windows 2003 SP1 virtual machine, you will be unable to access the share and might encounter the 404 Page not found error.
  • When trying to install VMware Tools, VMware Tools generates the following message and fails to continue until the gcc location and kernel source files are specified manually.
    None of the pre-built vmmemctl modules for VMware tools is suitable for your running kernel. Do you want this program to try to build the vmmemctl module for your system (you need to have a C compiler installed on your system)? [yes]

Deployment Considerations

Download Instructions

Download and verify the patch bundle as follows:

1.      Download patch ESX-1004186 from http://www.vmware.com/download/vi/vi3_patches.html .
2.      Log in to the ESX Server service console as root.

3.      Create a local depot directory.

# mkdir -p /var/updates

Note: VMware recommends that you use the updates directory.

4.      Change your working directory to /var/updates.

# cd /var/updates

5.      Download the tar file into the /var/updates directory.
6.      Verify the integrity of the downloaded tar file:
# md5sum ESX-1004186.tgz 

The md5 checksum output should match the following: 

f64389a8b97718eccefadce1a14d1198 ESX-1004186.tgz

7.      Extract the compressed tar archive:

# tar -xvzf ESX-1004186.tgz

8.      Change to the newly created directory, /var/updates/ESX-1004186:

# cd ESX-1004186

Installation Instructions

Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch.  


After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:

# esxupdate update

To run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-1004186 update

For example, if the host is called depot:

# esxupdate -r file:///depot/var/updates/ESX-1004186 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.

# esxupdate -v 10 file://<directory>/ESX-1004186 update

Based on VMware KB 1004186

Also Read