Advisory ID:       VMSA-2009-0015

Synopsis:          VMware hosted products and ESX patches resolve two security issues

Issue date:        2009-10-27

Updated on:        2009-10-27 (initial release of advisory)

CVE numbers:       CVE-2009-2267 CVE-2009-3733

- ————————————————————————

1. Summary

VMware hosted products and ESX patches resolve two security issues.

2. Relevant releases

VMware Workstation 6.5.2 and earlier,

VMware Player 2.5.2 and earlier,

VMware ACE 2.5.2 and earlier,

VMware Server 2.0.1 and earlier,

VMware Server 1.0.9 and earlier,

VMware Fusion 2.0.5 and earlier,

VMware ESXi 4.0 without patch ESXi400-200909401-BG,

VMware ESXi 3.5 without patches ESXe350-200910401-I-SG,

ESXe350-200901401-I-SG,

VMware ESX 4.0 without patch ESX400-200909401-BG,

VMware ESX 3.5 without patches ESX350-200910401-SG

ESX350-200901401-SG,

VMware ESX 3.0.3 without patches ESX303-200910401-BG,

ESX303-200812406-BG,

VMware ESX 2.5.5 without Upgrade Patch 15.

Extended support for ESX 2.5.5 ends on 2010-06-15.  Users should plan to upgrade to at least ESX 3.0.3 and preferably to the newest release available.

Extended support for ESX 3.0.3 ends on 2011-12-10.  Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available.

3. Problem Description

a. Mishandled exception on page faults

An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system.

VMware would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2267 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available. See above for remediation details.

VMware         Product   Running  Replace with/

Product        Version   on       Apply Patch

=============  ========  =======  =================

VirtualCenter  any       Windows  not affected

Workstation    6.5.x     any      6.5.3 build 185404 or later

Player         2.5.x     any      2.5.3 build 185404 or later

ACE            2.5.x     any      2.5.3 build 185404 or later

Server         2.x       any      2.0.2 build 203138 or later

Server         1.x       any      1.0.10 build 203137 or later

Fusion         2.x       Mac OS/X 2.0.6 build 196839 or later

ESXi           4.0       ESXi     ESXi400-200909401-BG

ESXi           3.5       ESXi     ESXe350-200910401-I-SG

ESX            4.0       ESX      ESX400-200909401-BG

ESX            3.5       ESX      ESX350-200910401-SG

ESX            3.0.3     ESX      ESX303-200910401-BG

ESX            2.5.5     ESX      Upgrade Patch 15

b. Directory Traversal vulnerability

A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.

VMware would like to thank Justin Morehouse and Jason Kratzer for independently reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3733 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running  Replace with/

Product        Version   on       Apply Patch

=============  ========  =======  =================

VirtualCenter  any       Windows  not affected

Workstation    any       any      not affected

Player         any       any      not affected

ACE            any       Windows  not affected

Server         2.x       Windows  not affected

Server         2.x       Linux    2.0.2 build 203138 or later

Server         1.x       Windows  not affected

Server         1.x       Linux    1.0.10 build 203137 or later

Fusion         2.x       Mac OS/X not affected

ESXi           4.0       ESXi     not affected

ESXi           3.5       ESXi     ESXe350-200901401-I-SG

ESX            4.0       ESX      not affected

ESX            3.5       ESX      ESX350-200901401-SG

ESX            3.0.3     ESX      ESX303-200812406-BG

ESX            2.5.5     ESX      not affected

Note: On ESX these vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.

Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Workstation 6.5.3

————————

http://www.vmware.com/download/ws/

Release notes:

http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html

For Windows

Workstation for Windows 32-bit and 64-bit

Windows 32-bit and 64-bit .exe

md5sum: 7565d16b7d7e0173b90c3b76ca4656bc

sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1

For Linux

Workstation for Linux 32-bit

Linux 32-bit .rpm

md5sum: 4d55c491bd008ded0ea19f373d1d1fd4

sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e

Workstation for Linux 32-bit

Linux 32-bit .bundle

md5sum: d4a721c1918c0e8a87c6fa4bad49ad35

sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5

Workstation for Linux 64-bit

Linux 64-bit .rpm

md5sum: 72adfdb03de4959f044fcb983412ae7c

sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb

Workstation for Linux 64-bit

Linux 64-bit .bundle

md5sum: 83e1f0c94d6974286256c4d3b559e854

sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542

VMware Player 2.5.3

——————-

http://www.vmware.com/download/player/

Release notes:

http://www.vmware.com/support/player25/doc/releasenotes_player253.html

Player for Windows binary

http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe

md5sum: fe28f193374c9457752ee16cd6cad4e7

sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04

Player for Linux (.rpm)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm

md5sum: c99cd65f19fdfc7651bcb7f328b73bc2

sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e

Player for Linux (.bundle)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle

md5sum: 210f4cb5615bd3b2171bc054b9b2bac5

sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b

Player for Linux – 64-bit (.rpm)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm

md5sum: f91576ef90b322d83225117ae9335968

sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974

Player for Linux – 64-bit (.bundle)

http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle

md5sum: 595d44d7945c129b1aeb679d2f001b05

sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4

VMware ACE 2.5.3

—————-

http://www.vmware.com/download/ace/

Release notes:

http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html

ACE Management Server Virtual Appliance AMS Virtual Appliance .zip

md5sum: 44cc7b86353047f02cf6ea0653e38418

sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1

VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe

md5sum: 0779da73408c5e649e0fd1c62d23820f

sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef

ACE Management Server for Windows Windows .exe

md5sum: 0779da73408c5e649e0fd1c62d23820f

sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef

ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm

md5sum: a4fc92d7197f0d569361cdf4b8cca642

sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75

ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm

md5sum: 841005151338c8b954f08d035815fd58

sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e

VMware Server 2.0.2

——————-

http://www.vmware.com/download/server/

Release notes:

http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html

VMware Server 2

Version 2.0.2 | 203138   – 10/26/09

507 MB EXE image VMware Server 2 for Windows Operating Systems. A master installer file containing all Windows components of VMware Server.

md5sum: a6430bcc16ff7b3a29bb8da1704fc38a

sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b

VIX API 1.6 for Windows

Version 2.0.2 | 203138   – 10/26/09

37 MB image

md5sum: 827e65e70803ec65ade62dd27a74407a

sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22

For Linux

VMware Server 2 for Linux Operating Systems.

Version 2.0.2 | 203138   – 10/26/09

37 MB TAR image

md5sum: 95ddea5a0579a35887bd15b083ffea20

sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747

VMware Server 2 for Linux Operating Systems 64-bit version.

Version 2.0.2 | 203138   – 10/26/09

452 MB RPM image

md5sum: 35c8b176601133749e4055e0034f8be6

sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece

The core application needed to run VMware Server 2, 64-bit version.

Version 2.0.2 | 203138   – 10/26/09

451 MB TAR image

md5sum: cc7aef813008eeb7150c21547d431b39

sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474

VMware Server 1.0.10

——————–

http://www.vmware.com/download/server/

Release notes:

http://www.vmware.com/support/server/doc/releasenotes_server.html

VMware Server for Windows 32-bit and 64-bit

http://download3.vmware.com/software/vmserver/VMware-server-installer-1.0.10-203137.exe

md5sum: 867abd4843f88908ba2dbaf4547a1190

sha1sum: 780e61ac190dd2b6524c8c7792564b7548c4d5a1

VMware Server Windows client package

http://download3.vmware.com/software/vmserver/VMware-server-win32-client-1.0.10-203137.zip

md5sum: f7a4eb7f48e42b9040a73721e6d61b7f

sha1sum: 3a209d0fc86dbc69881614fdeb084e9c7d343f5a

VMware Server for Linux

http://download3.vmware.com/software/vmserver/VMware-server-1.0.10-203137.tar.gz

md5sum: eb127d30dbd5f7f08e5d129d68cb0d21

sha1sum: f21ed65a500b2176166d90ed2821892ce1cb1fd5

VMware Server for Linux rpm

http://download3.vmware.com/software/vmserver/VMware-server-1.0.10-203137.i386.rpm

md5sum: fd4416bcc1c53d83b493b9d941a4701c

sha1sum: aba35050f23cfbe027e004547559e78a38bcb6a1

Management Interface

http://download3.vmware.com/software/vmserver/VMware-mui-1.0.10-203137.tar.gz

md5sum: 0f01e9bdeee3fa2aa84f87f66b69dc83

sha1sum: 3b6a5b222cece1de97e9513717e25178e79707e6

VMware Server Linux client package

http://download3.vmware.com/software/vmserver/VMware-server-linux-client-1.0.10-203137.zip

md5sum: 542c5aa052c9a197c4f5eeca6c3d88cc

sha1sum: 3f92c98153f5d9dcbbcd0cd524683a6832aaa10e

VMware Fusion 2.0.6

——————-

VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009

md5sum: d35490aa8caa92e21339c95c77314b2f

sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26

VMware Fusion 2.0.6 (for Intel-based Macs): Download including only

VMware Fusion software

md5sum: 2e8d39defdffed224c4bab4218cc6659

sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef

Release notes

www.vmware.com/support/fusion2/doc/releasenotes_fusion_206.html

ESXi

—-

ESXi 4.0 patch ESXi400-200909401-BG (Privilege Escalation)

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-149-20090917-785671/ESXi400-200909001.zip

md5sum: 8e095684c54df259eaf5705f5bfc1463

sha1sum: 8f3174c119ba27269c5bb9b0767fc72778438ade

http://kb.vmware.com/kb/1014026

ESXi 3.5 patch ESXe350-200910401-I-SG (Privilege Escalation)

http://download3.vmware.com/software/vi/ESXe350-200910401-O-SG.zip

md5sum: 947874a28a7f85caffc884c6ff3a0a60

http://kb.vmware.com/kb/1014761

ESXi 3.5 patch ESXe350-200901401-I-SG (Directory Traversal)

http://download3.vmware.com/software/vi/ESXe350-200901401-O-SG.zip

md5sum: 588dc7bfdee4e4c5ac626906c37fc784

http://kb.vmware.com/kb/1006661

NOTES: The three ESXi patches for Firmware “I”, VMware Tools “T,” and the VI Client “C” are contained in a single offline “O” download file.

ESX

—

ESX 4.0 patch ESX400-200909401-BG (Privilege Escalation)

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-150-20090917-796862/ESX400-200909001.zip

md5sum: b1487ab823746a83b897caa9d9329f48

sha1sum: f426a11ec6420d9bd2f45f6ca30773a839cb3a65

http://kb.vmware.com/kb/1014019

Note: ESX400-200909001 contains the bundle with the security fix,

ESX400-200909401-BG

To install an individual bulletin use esxupdate with the -b option.

esxupdate –bundle ESX400-200909001 -b ESX400-200909401-BG

ESX 3.5 patch ESX350-200910401-SG (Privilege Escalation)

http://download3.vmware.com/software/vi/ESX350-200910401-SG.zip

md5sum: 73435b0495a61b00bedbead140b2a262

sha1sum: a957d57cf0df58d8a40759dce62efbf12a6c229c

http://kb.vmware.com/kb/1013124

ESX 3.5 patch ESX350-200901401-SG (Directory Traversal)

http://download3.vmware.com/software/vi/ESX350-200901401-SG.zip

md5sum: 2769ac30078656b01ca1e2fdfa3230e9

http://kb.vmware.com/kb/1006651

ESX 3.0.3 patch ESX303-200910401-BG (Privilege Escalation)

http://download3.vmware.com/software/vi/ESX303-200910401-BG.zip

md5sum: c7c8f76a2a704c1818eeb54500c28d1c

http://kb.vmware.com/kb/1014759

ESX 3.0.3 patch ESX303-200812406-BG (Directory Traversal)

http://download3.vmware.com/software/vi/ESX303-200812406-BG.zip

md5sum: 94ff158e94dd7a0e5b1e5e7aade7a523

http://kb.vmware.com/kb/1007215

ESX 2.5.5 Upgrade Patch 15 (Privilege Escalation)

http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz

md5sum: c346fe510b6e51145570e03083f77357

sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4

http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2267

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733

6. Change log

2009-10-27  VMSA-2009-0015

Initial security advisory after release of Server 1.0.10, Server 2.0.2 and Upgrade Patch 15 for ESX 2.5.5 on 2009-10-27. The versions of Workstation, Player, ACE, Fusion, and patches for ESXi 4.0, ESXi 3.5, ESX 4.0, ESX 3.5, ESX 3.0.3 mentioned above have already been released.

- ———————————————————————–

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com

* bugtraq at securityfocus.com

* full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com

PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center

http://www.vmware.com/security

VMware security response policy

http://www.vmware.com/support/policies/security_response.html

General support life cycle policy

http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

VMware Server 2.0.2 Release Notes

VMware Server 2.0.2 Download

Here’s a list with the fixed issues:

Security Fixes

• New: Exception handling privilege escalation on Guest Operating System This release addresses a security vulnerability in exception handling. Improper setting of the exception code on page faults might allow for local privilege escalation on the guest. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2267 to this issue.
  
• New: Directory Traversal Vulnerability on Linux-based hosts This release addresses a directory traversal vulnerability that is present on host systems and that may allow for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides. The issue is present on Linux-based hosts only, not on Windows-based hosts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3733 to this issue.

Miscellaneous

• Disk Stress Test fails with data corruption error
  WLK DiskStress test fails with data corruption error on LSI Logic virtual device.
• Server 2.0.1 does not allow vmnet-bridge service to be run in the foreground
  The vmnet-bridge service has a parameter -d for putting it in daemon mode. Without using the -d parameter, the vmnet-bridge service should be able to run in the foreground. This was not working. This issue is resolved in this release.

Both VMware Workstation 7 and VMware Fusion 3 have been released.

These are landmark releases as they provide even better support for current operating systems and bring many new features.

Instead of me boring you with the details get it straight from the horses mouth:

Download VMware Workstation 7

VMware Workstation 7 Release Notes

Download VMware Fusion 3

VMware Fusion 3 Release Notes

Team Fusion Blog

So no matter what platform you run, be it Windows, Linux or OS X, you can now all enjoy the latest virtualisation technology!

For a review on the Workstation 7 product, see also this earlier post: VMware Workstation 7 in public beta

After scratching my head for a little, here’s a way on how to bypass this particular problem.

Well I guess strange things can happen if you run Workstation on an unsupported linux distribution. In my case it is PCLinuxOS 2009.2, but this problem could turn up on other distributions as well.

The first thing to do is to see if you are having the same problem as me.

Open another console as root and type:

ps -A | grep vmware

If the output returned has “vmware-modconfig-” in there, then you are in the same boat as me and it just means that there was a problem while compiling the host kernel modules needed for VMware Workstation.  Now don’t despair as there is a way around this.

First open two consoles and in the first console run the bundle installer with the option to ignore all errors:

./VMware-Workstation-xxxxx.bundle --ignore-errors

Then in the second console run this one liner:

while true; do killall -9 vmware-modconfig-console; sleep 5; done;

This line will kill the vmware kernel module build process, so that the install doesn’t hang itself up on that bit and your install should progress as normal.

After the install is “successfully” completed, you can then build the kernel modules by running the following line:

vmware-modconfig --console --install-all

After these steps all should be well again and hopefully you can then enjoy your VMware Workstation setup on linux again.

In this article the detailed notes on how-to update from centOS 5.3 are written out in details.

The centOS 5.4 release notes known issues paragraph has this detail:

VMWare host on CentOS-5.4. There is an issue with the new version of glibc (2.5-42) and vmware-hostd. If you are using CentOS-5.4 as a VMWare host machine, you will need to read and take actions per this bug report (#3884).

The bug report itself has this:

Bug: 0003884: CentOS 5.4 glibc causes crash of VMWare vmware-hostd process in VMWare 2.0.0 and 2.0.1
Description:    CentOS 5.4 glibc causes crash of VMWare vmware-hostd process in VMWare 2.0.0 and 2.0.1. This is documented on these 2 VM threads:

http://communities.vmware.com/message/1364852
and
http://communities.vmware.com/thread/230842

Two ways to fix this are called out in the above threads. The easiest one is to just exclude glibc from CentOS-5.4 in the yum.conf file if you are upgrading a 5.3 machine, using this line:

exclude=*2.5-42*

Then do this to verify you will not get the new files in the upgrade:

yum list glibc*

The output should not show new glibc files.

Ouch, that is some serious problem there that we certainly do not want to bump into.

So we now have to reconsider if we really want to upgrade to centOS 5.4 at this stage. As I was going to write this article.. for me there is no choice and to bite the bullet, but if you are running production then this is the most important question. Is there anything in the new release at this moment that you have a need for?

If you are here because you already upgraded, but are now having problems then visit the bug report as it has notes on how-to fix this.

OK, so let’s go then, upgrade our VMware Server 2.0.1 host from centOS5.3 to centOS5.4 and use the exclude method as depicted above.

Step 1. Take a backup!

Once you have done that, start a root console.

We will first check what the repositories are going to offer us when we upgrade without taking precautions.

# yum list glibc*
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * rpmforge: ftp-stud.fht-esslingen.de
 * base: archive.cs.uu.nl
 * updates: archive.cs.uu.nl
 * addons: archive.cs.uu.nl
 * extras: archive.cs.uu.nl
429 packages excluded due to repository priority protections
Installed Packages
glibc.i686                                       2.5-34.el5_3.1                       installed
glibc.x86_64                                     2.5-34.el5_3.1                       installed
glibc-common.x86_64                              2.5-34.el5_3.1                       installed
glibc-devel.x86_64                               2.5-34.el5_3.1                       installed
glibc-headers.x86_64                             2.5-34.el5_3.1                       installed
Available Packages
glibc.i686                                       2.5-42                               base     
glibc.x86_64                                     2.5-42                               base     
glibc-common.x86_64                              2.5-42                               base     
glibc-devel.i386                                 2.5-42                               base     
glibc-devel.x86_64                               2.5-42                               base     
glibc-headers.x86_64                             2.5-42                               base     
glibc-utils.x86_64                               2.5-42                               base

Glibc version 2.5-42 is the one that would cause us problems, so we are now going to prevent it from updating to that glibc version.

Take your favorite text editor to go and edit the file /etc/yum.conf

In the [main] section under the plugins line add the line:

exclude=*2.5-42*

Now exit and save the configuration file and rerun the line above, it should now not show the new glibc package anymore.

# yum list glibc*
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * rpmforge: ftp-stud.fht-esslingen.de
 * base: archive.cs.uu.nl
 * updates: archive.cs.uu.nl
 * addons: archive.cs.uu.nl
 * extras: archive.cs.uu.nl
rpmforge                                            | 1.1 kB     00:00     
base                                                | 2.1 kB     00:00     
updates                                             |  951 B     00:00     
addons                                              |  951 B     00:00     
extras                                              | 1.1 kB     00:00     
Excluding Packages in global exclude list
Finished
429 packages excluded due to repository priority protections
Installed Packages
glibc.i686                                       2.5-34.el5_3.1                       installed
glibc.x86_64                                     2.5-34.el5_3.1                       installed
glibc-common.x86_64                              2.5-34.el5_3.1                       installed
glibc-devel.x86_64                               2.5-34.el5_3.1                       installed
glibc-headers.x86_64                             2.5-34.el5_3.1                       installed

As you can see we now have an extra line “Excluding packages..” and the newer glibc is indeed excluded from the update.

With that protection in place we can now go and upgrade our host.

But wait.. let’s first pause -or better, shut down- all your running virtual machines. This is not a required step, but it just makes sense to make sure that all your VM’s had a nice clean shut down.

Now, again from the command line, run the upgrade:

yum update

Shut down your host and restart it afterwards.

If all has gone well, then VMware Server will just run, no new precompiled kernel modules are needed.

Well at least on my host everything worked out of the box.

You can check that you are now running the latest version of CentOS by running:

# rpm -q centos-release

centos-release-5-4.el5.centos.1

There you go and the latest release it is.

Enjoy your new OS and VMware Server!

What is out lined below is the sage advice in the form of tweets from of one of the senior members of the VCDX defence panel, there are over 50 and rising hints here.  Remember to bookmark this one as I am sure this list will grow

VCDX Tip    #1:       Know your design inside out. Why, How and impact are important! Understand the requirements, justifications and consequences.”
VCDX Tip   #2a:     Consider lessons learned from Enterprise Architecture and Services Oriented Architecture for virtual cloud design.
VCDX Tip   #2b      note: books=support of cloud architecture design 4 VCDX not to help pass test. SOA is a key piece for VMware based clouds.
VCDX Tip   #2b:     See Thomas Erl books (SOA Design Patterns and SOA Principles of Service Design) and Computing by Rittinghouse and Ransome.
VCDX Tip   #3:       Practice what you preach and learn from others. Architects listen first. Don’t assume the answer before the discussion starts!
VCDX Tip   #4:       Scenarios for VCDX defenses test journey to solution not necessarily the final answer. Whiteboard talk and ask questions.
VCDX Tip   #5:       Troubleshooting scenarios – think of the architecture and implementation approach to resolution. Logs design SC Command
VCDX Tip   #6a:     Application/Design Choice=(What decision was required? Don’t include simplistic choices that are standard ie: redundant NICs)
VCDX Tip   #6b:     Include architecture decisions like use of active/standby layout in single vswitch design.
VCDX Tip   #7:       Application/Justification=What compelling requirement/constraint/assumption/risk mitigation drove decision.
VCDX Tip   #8:       Application/Impact=How did the decision affect other areas of the design w/r to technology/risk/schedule/skills/budget.
VCDX Tip   #9:       Recruit peers to review VCDX design and application. Focus on architects and specialists 1st implementers 2nd. Red ink please.
VCDX Tip   #10:    Try a dry run on the defense. 75 minutes w/peers to grill you on design and choices made. Practice breeds confidence!
VCDX Tip   #11a:   Longer is not necessarily better. We have reviewed some designs over 500 pages total (8 docs) and some under 200 pages total
VCDX Tip   #11b:   Focus on content not length. Focus on customer requirements.
VCDX Tip   #12a:   What makes for a good design?
VCDX Tip   #12b:   See other tips. Key answer = meeting requirements with appropriate technology to also match schedule and budget
VCDX Tip   #12c:   Understanding and documenting the reasons for each decision including meeting requirements constraints and technology.
VCDX Tip   #13a:   Blank application or missing areas in the application=immediate rejection. Application is a requirement.
VCDX Tip   #13b:   Incomplete application form or referring the reviewer to the document where the form should be completed=rejection.
VCDX Tip   #13c:   Application requires 5 requirements/constraints/assumptions. and four answers (3 parts each) in each design choice area.
VCDX Tip   #14a:   Core components of a VCDX submitted design include a design document with requirements and an architectural solution.
VCDX Tip   #14b:   This design will include supporting information for the design choices. This is why the application mirrors what we look for.
VCDX Tip   #14c:   The design also should include an assembly and configuration type document and a validation/test plan.
VCDX Tip   #14d:   In the design you must touch the following areas: Network, Storage, vCenter, ESX, VMs, Security, Disaster Recovery, (cont)”
VCDX Tip   #14e:   monitoring upgrades capacity planning standard procedures and areas related to the requirements.
VCDX Tip   #15:    Current docs must be in English. Other languages will come as we grow the number of VCDX. If u translate consider a reviewer
VCDX Tip   #16      Start early on application. Plan 8-24 hours to collect and update docs per blueprints and fill out app. Remember no blanks!
VCDX Tip   #17:    Use VCDX application 2 identify new design patterns & new best practices in your design. Provide justification & impact.
VCDX Tip   #18:    Considerations for design: SOA Cloud Enterprise Architecture extending the boundaries. Think Elastic Sky…
VCDX Tip   #19a:   Example decision for ESX Clusters: N+2 Redundancy
VCDX Tip   #19b:   Justification: Customer requirement of N+2 redundancy in cluster.
VCDX Tip   #19c:   Impact: Lower utilization of resources in cluster to accommodate N+2 failure. Impact to ROI & TCO.
VCDX Tip   #20:    Design Document must include requirements and an implementation to support them. It is not about diagrams alone.
VCDX Tip   #21:    Validation/Test Plan typically will include test of virtualization platform/mgmnt tests infrastructure and adv features.
VCDX Tip   #22:    Design Document includes conceptual model mapping requirements logical design and physical design
VCDX Tip   #23:    Installation & Configuration Guide includes details on assembly of the physical design components. Test Plan can be combined.
VCDX Tip   #24:    Preparation for defense – Create presentation outlining design and include reference diagrams for discussion during defense.
VCDX Tip   #25:    Getting started – take a design and red ink pn then review for blueprint items and a match of decisions to requirements.
VCDX Tip   #26:    Sleep well night before after studying design and decisions carefully then take the test with confidence best foot forward.
VCDX Tip   #27:    Consider extensions to design to meet all blueprint requirements. This is allowed but must be defensible.
VCDX Tip   #28a:   Plan to include requirements/constraints/assumptions in a dedicated document or within the architecture design document.
VCDX Tip   #28b:   Requirements table example: REQ-001 Customer requires that disaster recovery site supports the same SLAs as primary site
VCDX Tip   #28c:   Constraint table example: CON-001 Customer has budget to support recovery but not at the same SLA levels.
VCDX Tip   #28d:   Assumptions table example: To quote Benny Hill “”Never assume or you make an *** out of you and me.”" Note follows…”
VCDX Tip   #28e:   Assumptions must be confirmed for risk mitigation.
VCDX Tip   #28f:    Assumptions table: ASS-001 To mitigate risk REQ-001&CON-001 client resolves conflict. The design will match resolution.
VCDX Tip   #28g:   All architects will at some point have conflicts in pool of requirements/constraints/assumptions.
VCDX Tip   #28h:   A VCDX must be able to address conflicts in their design during discussions and obtain signoff of the final decision.
VCDX Tip   #28i:    Ensure that the decisions made around conflicts include justification approval and impact to other areas of the design
VCDX Tip   #29:     Validation/test plans should include functionality/performance/utilization considerations for testing on regular basis.
VCDX Tip   #30:     Question on number of VCDX’s – most recently announced VCDX is #25
VCDX Tip   #31:     panelists spend approximately 4-8 hours reviewing application and submitted docs. We look for complete design as specified.
VCDX Tip   #32:     design docents do not have to be based on vmware deliverables but must meet content coverage. Blueprints & app provide detail.
VCDX Tip   #33:     having a good design without understanding all areas presented will limit scoring. Know the technology as you will be asked.
VCDX Tip   #34:     panelists cannot provide positive scores in missing areas. Explaining what is missing does NOT score extra points.
VCDX Tip   #34:     short answers without solid demonstration of technology or choices must be expanded to score.
VCDX Tip   #35:     Cheat sites for vcdx won’t help.
VCDX Tip   #36:     Sites that introduce design strategies and design patterns for virtualization that are supported by VMware will help.
VCDX Tip   #37:     Liars claiming to be VCDX will be revealed as liars. Customers beware. If they lie on this then they will lie to you.
VCDX Tip   #38:     Official VCDX certified individuals will in the future be listed by VMware so that customers can validate integrity.
VCDX Tip   #39:     HP blade virtual connect can utilize redundant back-end 10G uink allowing creative perf and redundancy in vswitch design.
VCDX Tip   #40:     If the design references strategies from Mr. Hanky – Do Not submit.
VCDX Tip   #40:     Designs including 3rd party technologies require candidate to fully understand the technology used
VCDX Tip   #41:      don’t believe duplicate tip’s. Go with first one.
VCDX Tip   #42:      Panelists are experts in various virtualization areas. Don’t make technology claims that are incorrect. – Duncan Epping
VCDX Tip   #43:      Submitting and defending a design when stating “”best practice”",  know the background behind that practice. You will be questioned!”
VCDX Tip   #44:      Best practices for majority may not be best practice for some. Think first! Justify & show impact to support change.
VCDX Tip   #44:      Example of bad design – Utilizing two NICs for vSphere FT that are shared with vMotion, Service Console and VM traffic. BAD!”
VCDX Tip   #45:      For partners especially – default VMware templates are only a baseline and do not constitute the minimal cutoff for VCDX.
VCDX Tip   #46:      Customer defaults may be o but provide guidance in your discussions as well as recommendations for change in your design.
VCDX Tip   #47:      Reminder – ‘Just because’ will cost points. Know justifications & impact of choice. If bad, provide recommendations”
VCDX Tip   #48:      Defense presentation outlines your backgroun – project backgroun – Key points and reference materials
VCDX Tip   #49:      VCDX Presentation should not include birthday, age, religion  or other areas that are outside of virtualization project.”
VCDX Tip   #50:      Business Continuity or Disaster Recovery. Understand the difference. Apply both to design for bonus consideration.
VCDX Tip   #50a:    When thinking of presentation to start defense, use the application framework to help with the flow. – Shridhar Deuskar”
VCDX Tip   #51a:    vSphere designs have been accepted for the VCDX defense if they meet the criteria defined in the blueprints.
VCDX Tip   #51b:   The differentiator between VCDX on VI3.x versus VCDX on vSphere 4.x is likely to be based on the test.
VCDX Tip   #51c:   Note – for VCDX on vSphere 4 to work the Enterprise test and the Design test must both be upgraded to vSphere 4.ETA TBD.
VCDX Tip   #51d:   All aspects of a design are reviewed and validated. If you include vSphere features you WILL be questioned on them also

Added 26th October 2009

VCDX Tip   #52:     Enterprise Exam is a prerequisite to validate advanced skills and troubleshooting required by architects. Experience counts!
VCDX Tip   #53:     Design exam tests architecture skills that include both technology and process. How do multiple parts fit together?
VCDX Tip   #54:     Top VCDX candidates spent extra time on their application and design to fill in missing areas for complete scoring.
VCDX Tip   #55:     Designs can adapt and modify best practices. Provide solid support for this and provide examples from experience.
VCDX Tip   #56:     Design Exam – consider lessons learned from VCP and Enterprise tests. Know your weak spots and learn them.
VCDX Tip   #57:     Design Exam – Integration is essential in a design. Know how to tie related items and understand their relationships.
VCDX Tip   #58:     D.E. – covers design exam tips for future posts.
VCDX Tip   #59:     D.E. Consider security, DR, DRS, Resource Pools, and other items that influence placement of disk/net/CPU/RAM/VM in cluster.
VCDX Tip   #60:    D.E. (Tip from @jasonboche) – Pace yourself. Some areas require more time than others. Some have more weight than others.

Thanks to this tool I now have the entire VMware documentation set downloaded to my laptop.  Now even when I am offline I can still get access to all the VMware PDF files, fantastic for those times on the train, OK I know that certain trains have access to  WIFI, or I can use my Data Card.  but not when I am in Europe (roaming data charges are sooo expensive).  Great I hear you say but what about updates, well they have even thought about that.   All you have to do is re-run the batch file and it will trawl the site again and after checking the date/timestamp of the document you have on your machine against the date timestamp of the document on the site it will update the document if necessary. Further it should also download any new documentation which is on the site.

VMSA-2009-0014 and an update to VMSA-2009-0002.1 I have included the contents of both mails in this post.

[Security-announce] UPDATED VMSA-2009-0002.1 VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

VMware Security Advisory

Advisory ID:       VMSA-2009-0002.1

Synopsis:          VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

Issue date:        2009-02-23

Updated on:        2009-10-16

CVE numbers:       CVE-2008-1232 CVE-2008-1947 CVE-2008-2370
- ———————————————————————–
1. Summary

Updated VMware VirtualCenter Update 4 and ESX patch update Tomcat packages.

2. Relevant releases

VirtualCenter 2.5 before Update 4

ESX 3.5 without patch ESX350-200910403-SG

3. Problem Description

a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27

Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1232, CVE-2008-1947 and CVE-2008-2370 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

** Tomcat will be updated to version 6.0.20 in the next update release

Note: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.

Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see

http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

The currently installed version of Tomcat depends on your patch deployment history.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

VirtualCenter
————-

VMware VirtualCenter 2.5 Update 4
http://www.vmware.com/download/download.do?downloadGroup=VC250U4

DVD iso image md5sum: 4304334ed7662b6a43646e6dde0956d2

Zip file md5sum: 1306cb9b25e28a06bab84257d7cbf38f

Release Notes

http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html

ESX 3.5
——-

ESX350-200910403-SG

http://download3.vmware.com/software/vi/ESX350-200910403-SG.zip

md5sum: 0e90be5bd6aa986dc2356563e809a54f

sha1sum: a5968cf6db78e28d79a4fd0b4df172cadf0f7129

http://kb.vmware.com/kb/1013126

5. References

Tomcat release notes

http://tomcat.apache.org/security-5.html

CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370

- ————————————————————————

6. Change log

2009-02-23  VMSA-2009-0002

Initial security advisory after release of VirtualCenter 2.5 Update 4 on 2009-02-23.

2009-10-16  VMSA-2009-0002.1

Updated after release of ESX 3.5 patch 18 on 2009-10-16.

[Security-announce] VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

- ———————————————————————–

VMware Security Advisory

Advisory ID:       VMSA-2009-0014

Synopsis:          VMware ESX patches for DHCP, Service Console kernel,

and JRE resolve multiple security issues

Issue date:        2009-10-16

Updated on:        2009-10-16 (initial release of advisory)

CVE numbers:

CVE-2009-0692 CVE-2009-1893 CVE-2009-0692

CVE-2008-4210 CVE-2008-3275 CVE-2008-5356

CVE-2008-0598 CVE-2008-2136 CVE-2008-2812

CVE-2007-6063 CVE-2008-3525 CVE-2008-2086

CVE-2008-5347 CVE-2008-5348 CVE-2008-5349

CVE-2008-5350 CVE-2008-5351 CVE-2008-5352

CVE-2008-5353 CVE-2008-5354 CVE-2008-5357

CVE-2008-5358 CVE-2008-5359 CVE-2008-5360

CVE-2008-5339 CVE-2008-5342 CVE-2008-5344

CVE-2008-5345 CVE-2008-5346 CVE-2008-5340

CVE-2008-5341 CVE-2008-5343 CVE-2008-5355

CVE-2009-1093 CVE-2009-1094 CVE-2009-1095

CVE-2009-1096 CVE-2009-1097 CVE-2009-1098

CVE-2009-1099 CVE-2009-1100 CVE-2009-1101

CVE-2009-1102 CVE-2009-1103 CVE-2009-1104

CVE-2009-1105 CVE-2009-1106 CVE-2009-1107

- ———————————————————————–

1. Summary

Updated DHCP and Kernel packages for ESX 3.5 and ESX 3.0.3 and updated Java JRE packages for ESX 3.5 address several security issues.

2. Relevant releases

ESX 3.5 without patches ESX350-200910406-SG, ESX350-200910401-SG,

ESX350-200910403-SG

ESX 3.0.3 without patch ESX303-200910402-SG

3. Problem Description

a. Service Console update for DHCP and third party library update for DHCP client.

DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network.

A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue.

An insecure temporary file use flaw was discovered in the DHCP daemon’s init script (”/etc/init.d/dhcpd”). A local attacker could use this flaw to overwrite an arbitrary file with the output of the “dhcpd -t” command via a symbolic link attack, if a system administrator executed the DHCP init script with the “configtest”, “restart”, or “reload” option.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue.

The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.

ESX 3.5 and later have a DHCP client component outside of the Service Console. The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Updated Service Console package kernel

Service Console package kernel update to version kernel-2.4.21-58.EL.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the security issues fixed in kernel-2.4.21-58.EL

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. JRE Security Update

JRE update to version 1.5.0_18, which addresses multiple security issues that existed in earlier releases of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_17:

CVE-2008-2086, CVE-2008-5347, CVE-2008-5348,CVE-2008-5349,

CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,CVE-2008-5353,

CVE-2008-5354, CVE-2008-5356, CVE-2008-5357,CVE-2008-5358,

CVE-2008-5359, CVE-2008-5360, CVE-2008-5339,CVE-2008-5342,

CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,CVE-2008-5340,

CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18:

CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096,

CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,

CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104,

CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

** JRE will be updated to version 1.5.0_20 in the next update release

Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.

Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see

http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

The currently installed version of JRE depends on your patch deployment history.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 3.5

——-

ESX350-200910406-SG (DHCP Service Console)

http://download3.vmware.com/software/vi/ESX350-200910406-SG.zip

md5sum: dab682b1e3897fd43e2e7f90aa1156fc

sha1sum: 0962718f65d4c2f76657369ada4a61848253174e

http://kb.vmware.com/kb/1013129

ESX350-200910401-SG (DHCP third party library, kernel)

http://download3.vmware.com/software/vi/ESX350-200910401-SG.zip

md5sum: 73435b0495a61b00bedbead140b2a262

sha1sum: a957d57cf0df58d8a40759dce62efbf12a6c229c

http://kb.vmware.com/kb/1013124

ESX350-200910403-SG (JRE)

http://download3.vmware.com/software/vi/ESX350-200910403-SG.zip

md5sum: 0e90be5bd6aa986dc2356563e809a54f

sha1sum: a5968cf6db78e28d79a4fd0b4df172cadf0f7129

http://kb.vmware.com/kb/1013126

ESX 3.0.3

———

ESX303-200910402-SG (DHCP Service Console)

http://download3.vmware.com/software/vi/ESX303-200910402-SG.zip

md5sum: 59a090cf37971e7f13385b9f53cdf3ca

sha1sum: 3af9cf1b15dc151bce06c89cc0d81e1a7cf9c80e

http://kb.vmware.com/kb/1014758

5. References

CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1893

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107

- ————————————————————————

6. Change log

2009-10-16  VMSA-2009-0014

Initial security advisory after release of ESX 3.5 patch 18 and ESX 3.0.3 patch 11 on 2009-10-16.

- ———————————————————————–

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Ai Virtualisation & PHD Virtual are pleased to offer esXpress Essentials for VMware Bundle! esXpress is the Award Winning Back Up and Data Protection solution for VMware.

The bundle is available through Ai Virtualisation and limited to orders that have been registered and received up to November 30th 2009. Please call Ai Virtualisation to register deals.

esXpress Essentials for vSphere includes 3 Licenses (for 3 hosts) of esXpress Professional version and the first year of Gold level of support. The bundle is priced very attractively priced at $2,000 MSRP.*

Please note this offer is available for NEW customers only, and only one bundle per customer is allowed.

If you would like to take advantage of this offer, a web demo or would like to receive more information on the Award Winning esXpress, then please feel free to contact me on +447814 037 613 or sanjay@aivirtualisation.com

This is an extremely attractive offer for new customers as the recommended retail price is $1000 per server. So they will effectively receive a free license.

Why oh why do they not change this simple thing.  to the known world “Delete” means remove.  Logic states that this means return to the earlier state,  however, VMware logic states that it means “Merge” OR “Commit” .I.E. remove the Snap by adding the data to the Flat file.

If it still confuses me after 5 years, what will it be doing to those that are new to the products.

Please VMware, use clear English and drop the ambiguous buttons.   A simple “Merge” and “Merge All” or “Commit Snap“, “Commit All Snaps” together with a “Roll Back” would suffice here and it would remove all confusion points.

But until that time “REMEMBER THAT DELETE IN SNAPSHOT PARLANCE MEANS COMMIT OR MERGE“.