Continuing my series as I work through the CCNA syllabus. The introduction to the series can be found here.

I will be pretty much following the CCNA Composite Exam Blueprint point for point. One post per bullet point. I’m using Version 11 (640-802).

Describe common networked applications including web applications

Every time you turn on a computer, you are presented with applications. These applications run on your local machine (mostly). They use the protocols, and transport mechanisms we discuss at CCNA level to interact with servers, or other applications across the network, or Internet. Facebook gets referred to as an application, but from our point of view it’s not.

An application is a process that runs on the local machine. In a lot of cases the Application, and the protocol that the application uses to access it’s information are so closely tied, that they get confused.

So an application is a process that runs on our computer, and we are interested in the ones that talk over the network? What’s the most obvious of these? A Web browser. You are probably using one to read this. FireFox, Chrome, IE, Safari, they all allow you to type (or click) a URL and have a web page displayed in front of you. How this web page gets to you is a long, convoluted process that moves right the way down and up the TCP/IP model, probably multiple times, with multiple computers involved. So, where do we start. Well, how about with that URL?

http://vantmet.wordpress.com/2012/03/23/so-today-i-failed-to-achive-a-ccna/

This is the very first introduction to this series that I wrote way back in March. Let’s break it down. Starting at the beginning, we have “HTTP” This stands for Hyper Text Transport Protocol. The Protocol the World Wide Web is built upon. HTTP defines a set of commands to enable a client to request documents from a server.

“vantmet.wordpress.com” is ideally the machine name that we want to access the file from.

The rest is the path to the file.

So what does our web browser do with that? Well, first it need to know how to contact the server to get the file from, so it need to find the IP address of vantmet.wordpress.com, for this it uses the DNS protocol. With the IP address in hand, the machine sends a HTTP get request to the server for the file path. The server responds, hopefully with the file, and the Browser reads the file. Usually the file will point to other files, on the same or different servers, images, fonts etc etc. These are also requested in the same fashion, until the page is loaded.

So, how can this vary? Well, obviously the computer name, and file path will vary on a case by case basis. But also the HTTP can become HTTPs, where the s implies the use of SSL (Secure Socket Layer) to encrypt the requests between the computer and the server. This is done to ensure no snooping on the network.

Many browsers also support ftp:// which stands for File Transport Protocol. There are standalone FTP applications, such as FileZilla, which specialise in using ftp to transfer files to you local machine, but it is such a useful thing to o for larger files, that many browsers include the ability too.

Other common applications are NTP Clients, used to set the time on the local computer, and DHCP Clients, used to set up the computer’s initial IP address and other settings.

What is important to note is that these applications are simply using the protocols defined in the TCP/IP model and in RFCs to achieve some aim. The applications do not define the protocols, and are not restricted to just one protocol.

http://ow.ly/aBkvE

Continuing my series as I work through the CCNA syllabus. The introduction to the series can be found here.

I will be pretty much following the CCNA Composite Exam Blueprint point for point. One post per bullet point. I’m using Version 11 (640-802).

Models, abstractions and Standards

Here we hit the first bit of proper memory work on the CCNA exam. Cisco are pretty particular on their exams on making sure candidates know what’s is going on “End to End”. This starts here.

The bullet reads: Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network

Early in the history of computer networking, there were two competing standards to describe the interactions of different physical and software systems with the rest of the world. But why have the standards at all? Each application could include a full set of drivers to directly access the hardware on a given machine, and expect to talk only to itself. This would be terribly inefficient though. It would make it hard to get a diverse set of hardware, and even harder to write applications that talk to each other, or even multiple applications to do the same thing. Imagine a world where some website were only accessible via Firefox, and others that only Chrome would show. The answer to this problem is to abstract the different levels of interaction, and define how they communicate with each other. Applications can then work at a single level, talking up and down the stack using standard protocols, and everything works together.

As is often the case, two separate organisations saw this at a similar time, and stated creating their own standard. These were, the OSI model, and the TCP/IP model. The OSI model is no longer in use, and pretty much all networking deals with TCP/IP. But it is worth knowing what the OSI model is, and it is vital to be successful at CCNA.

The OSI Model

All People Seem To Need Domino’s Pizza Aren’t Mnemonics brilliant? There are seven layers to the OSI model, working from the Physical layer, the actual hardware that encodes bits and sends them to the remote site (I’m trying hard not to use the phrase “on a wire”, there don’t have to be wires involved) through to the Application layer where the data that you send and receive is presented to you. These layers are:

• Application – 7
• Presentation – 6
• Session – 5
• Transport – 4
• Network – 3
• Data – 2
• Physical – 1

The numbers are significant. Ever heard of a layer 3 switch? Yes, you have, I mentioned one in an earlier post. That Phrase “Layer 2″ comes from the OSI model. But more of that in a bit. What do the layers do?

Physical, as I have already mentioned is exactly as it says on the tin. The physical layer encodes bits on the “wire” be that varying the electrical current through Standard Twisted Pair (STP), optical flashes created by a LASER or semi-conductor diode, channelled down a fibre, or the radio or microwaves used by “wireless” networks. The physical layer is where your network card works, and where hubs work (because they don’t inspect packets).

Data, or Data Link. This is the layer where the hardware first starts making decisions. Switches are “Layer 2″ devices. The Job of the data layer is to take the information provided from layers above it, and decide when is is possible to transmit it. The standards that define this layer are Ethernet (IEEE 802.3), HDCL (the signalling mechanism used in Serial Connections), Frame Relay, and PPP (Point to Point Protocol, used to create links over Plain old Telephone Lines (POTs)). The Data link layer, puts a header which is used to define the address of the next machine the data is to be sent to (a MAC address in the case of Ethernet), and a footer, which contains a checksum, used to ensure the packet is not corrupted at the physical layer (as can happen on shared mediums such as ring networks, or WiFi.

Network: this layer defines the logical addresses of devices (generally in a globally unique way), the way packets are passed between different networks, and best-path determination between these networks. This is the routing layer, and the guts of how the Internet manages to be so big! The logical addresses at this layer can be any of a number of different standards, but the only one a CCNA needs to care about it IP. Your IP address is a layer 3 address.

Transport: this is the layer that focuses on making sure that data is delivered reliably. In some cases, such as UDP, and ICMP, the protocol is very light, and makes no attempt to ensure packets are resent if lost. In other cases, such as TCP, this layer handles flow control, retransmission of lost packets, and re-ordering of delayed packets to ensure the application gets exactly the information it needs. The final role of the Transport layer is to route the correct “stream” of data to the correct application process. The “Port” that data is sent to is defined at this layer.

The Session layer defines how to start, monitor and end “sessions”. A simple web page may contain text, images, video, sounds and style sheets that the browser needs to have to display the page. These are sent in various “sessions” that are held open for as long as it takes the client machines to receive all of the data that it needs.

The Presentation layer defines the encoding of information, images are stored at GIF, PNG, JPEG etc, text can be stored as ASCII, UTF-8, UTF-16, UNICODE.

Finally the application layer defines the interface between the Application and the underlying communications system. This also handles User Authentication if required. This is where protocols such as HTTP, and FTP are defined.

The TCP/IP Model

The TCP/IP model took a much simpler approach. The layers 5-7 are combined, as are layers 1-2, leaving simply “Network Access”, Internetwork (note the slightly different name, for the same functions as the Network Layer), Transport and Application layers. Some time later, the “Network Access” layer was split into Physical, and Data Link layers to more closely match the OSI model, and as the two functions started to be less intertwined.

So, there we have two models of the “Network” stack. A whole heap of terminology, which hopefully will be come clearer over time. The next post in the series will delve into the two models to show how data flows through a network, encapsulating and de-encapsulating as it goes.

Continuing my series as I work through the CCNA syllabus. The introduction to the series can be found here.

I will be pretty much following the CCNA Composite Exam Blueprint point for point. One post per bullet point. I’m using Version 11 (640-802).

Selecting Components to meet a specification

The bullet reads: Select the components required to meet a network specification

Again, this is pretty vague, and could easily encompass the whole of a CCIE/Network Engineer’s role! So, we’ll fall back to the general CCNA outline again. We are dealing with small office/Branch office networks of up to 100 devices.

This could quite easily be the shortest blog post in the series. “Well I know what the devices are from the first post, so now I just need to pick a combination for a given number of users.” Cool, done, off we go…

Or not.

The devices we pick and choose for any particular role depend on a number of things. Particularly in a small network we have many options that will equally suffice. How do we pick between the options? In a large network, this actually becomes a little easier. For sanity if nothing else a large network has to be kept simple, and modular. This in itself means we just have to pick the correct module once, and we are done. In the small network, we have more ways we can skin the cat, whilst still being successful.
The Cisco product line also has a small bearing. Knowing what different varieties of switch, router and access point can accomplish is quite useful.
A good example of this is the smallest of small networks. Take a small office with two staff, and a shared printer. No matter what we will need a router, to access the Internet. We could also specify a switch or hub to connect the PCs and the printer, and an access point in case any users need or want a mobile device. We could include a firewall for security. Now we have four networking devices, twice as many as we have staff! So let’s look again.

Every router Cisco produce either comes with, or can have added to it, a 4 port switch module. This means we have less devices to worry about, and less connections to fail. Cisco routers are also capable of being firewall devices utilising access lists etc. So for such a small network a separate firewall is unlikely to be necessary. Finally, we have not been asked to provide wireless, so we should not include it. Even if that were part of the specification, we could again get the functionality from the correct router. We’ve reduced the number of devices down to one from four. The number of interconnects also reduces substantially, and finally, all of the interconnects are of the same type. This is the trick of this bullet. It isn’t just picking kit that will do the job. It is doing so intelligently and efficiently.

Just a minute, you are thinking, why is he talking about types of interconnect? Surely everyone uses MIDX Cat6e now adays? Well, no. The final part of this bullet encompasses the role of straight, crossover, serial and rollover cables. Perhaps I should have mentioned these in the first post

A brief interlude – Interconnects

For a CCNA we are primarily concerned with 4 types of interconnect. Straight and Crossover Cat5(6,5e,6e) cables, straight serial cables, and “rollover” cables.

The rollover cable is effectively an RJ45 (the terminator that Cat5(6,5e,6e) cables use) to 9 pin serial connector cable. This also slightly alters out the pinning of the serial cable. This connection is used to connect to routers via a serial cable in order to control them, but not for data transmission. Why a plain old serial cable is not sensible, I have no idea.

A serial cable is used for “high speed” (ha, yeah) data transmission primarily between routers. In the real world, I have only seen this on the ISP side equipment, and even then, more and more of this is coming to use Ethernet. As far as we are concerned, serial connections are for router to router connections.

A straight Cat 5 cable is used to connect devices of differing type. PC to switch, PC to router, Router to switch. It is not used to connect switch to switch (Except with the advent of the GBit spec, the ports are now designed to negotiate a data pin if a straight cable is used, so cross over cables aren’t really useful any more). Cat5e, Cat6, and Cat 6e are simply further advances to the specification designed to carry more data than the original Cat 5, but that doesn’t make a great deal of difference at CCNA level, and certainly not with less than GBit interfaces.

A cross over cable is there to connect like devices. Switch to switch or router to router. In CCNA router to router connections are almost always serial. A cross over cable is exactly the same as a straight cat 5, except the data and ground cables are “crossed” meaning that data at one end goes to ground at the over and vice versa. This makes little to no sense until you realise that in cat 5, there are two data pins. One is used to transmit and the other to receive. This allows the cable to be full duplex, i.e. capable of sending and receiving at the same time, without collisions. Obviously, if both listening pins are connected, and both transmit pins are connected, nothing will hear anything, and there will be lots of collisions! The hardware in PCs and routers is pinned differently to that in switches. The short version is, if you are connecting switches to switches, you want a crossover cable.

Back to business

So, lets end with a less contrived example. A small office with 30 staff. They have two servers and three divisions: Accounts, Engineering and QA. Each division shares a room, and has 10 staff.

Here we go with a router again. This is necessary to connect to the Internet. We could also utilise any switch ports in the router to connect to the servers, or we could have them on their own switch. We will come back to that decision. Each division gets it’s own switch. Most traffic will be within a division, or between the division switch and the router (be that to the Internet or the servers). The switches will be connected to the router, as we will see later the different divisions will be on different subnets, and so a router will be needed. We always want to ensure less hops (jumps from one device to the next) in a network, so we connect the switches to the router, rather than chaining them. This also has the advantage that it spreads the traffic over more connections, and cause less trouble if one connection fails.

Now back to the servers. We have three switches already. So if we have only four ports on the router, we must put another switch in for the servers. In most cases though, we could utilise an 8 port switch in the router, or even use a layer 3 switch. This will let us directly connect the servers to the routing device. This has the advantage that most traffic will be from clients to the servers, so reducing the hop count, or “circumference” of the network.

A final Note

Finally, hubs and switches. As I alluded to in the first post. We basically never use hubs now. A switch is *far* more efficient, with the reduced collision domains. *Never* include a hub in a design.

This is the first post in a series as I work through the CCNA syllabus. The introduction to the series can be found here.

I will be pretty much following the CCNA Composite Exam Blueprint point for point. One post per bullet point. I’m using Version 11 (640-802).

Purpose and Function

The bullet reads: Describe the Purpose and Function of Various network devices

Various isn’t too well defined, but at least for this purpose we know that we are dealing with devices found in a small office or branch office networks. So, what devices do we have?

First we have the networking devices:
* Hubs
* Switches
* Routers
* Access Points
* Hardware firewall devices

These are the devices that make up the network itself.

Client Devices:
* Desktop and laptop computers
* Tablets
* Smart Phones

These are the devices that the network exists for, the devices that access the network and utilise it.

Finally we have service devices:
* Printers
* Servers
* Storage units

These are the focus of the network, the devices the users are trying to access.

These are very arbitrary groups, and I have picked them because that is how I think of them. Printers for example work very much more like a client in reverse, receiving data rather than requesting or sending it. In a SAN, servers act as client devices for the storage.

Broadly speaking though, the client devices connect either using wired, or wireless (more on both later) connections to the network devices. The network devices provide a transport system, usually with security in mind, for the clients to the server devices such that the clients can make a request, and the server devices can fulfil the request.

A small example of this? Why not: A user sat at a computer would like to be sure the computer has the correct time. The computer is connected to a switch, which is connected to a server which is running NTPd. The user sends a request, picked up by the switch and forwarded to the server. The server sends back the correct time, using the reverse route.

Now, lets take those network devices in a little more detail.

First we have the hub. Don’t see many of these, and I’ve never seen one in production use! A good place to start then. A hub is basically a repeater, like a parrot, everything it hears, it repeats. Any data in to any port is immediately sent out of all other ports. This means that each port on a hub is within the same segment, and collisions are more and more likely with more ports.

Hub: 1 segment, 1 collision domain.

Next the switch. A switch starts off like a hub, but for every request it receives, it remembers the MAC address of the requester, and the port the request came in on. That way, once a request destined for that MAC is seen, it only needs to be sent out of one port, not many. This effectively makes each port into it’s own collision domain. We are still at layer two though, still on the same IP subnet, so still at one segment.

Switch: 1 segment, many collision domains.

Routers work at the level above switches, effectively moving packets based on IP address, rather than MAC address. This makes each port on a router a separate segment, and by virtue of that a separate collision domain.

Router: many segments, many collision domains.

Access points are effectively hubs for wireless devices. Using the shared medium of the same “channel” of the spectrum each client device shares the bandwidth of the access point.

AP: 1 segment, 1 collision domain.

I’ve rambled a bit there, and I haven’t touched on how full duplex cabling effects the collision domain with modern switches, or fun things like VTP and how to avoid switching loops. Fortunately, they come later in the blueprint.

Why did I fail it? Because I didn’t know the stuff. It’s that brutally simple.

I don’t think I’m that stupid. I’ve been “in the game” for a good 10 years. I’ve been responsible for networks for SMEs from 30 users and a single site, up to 400 users over 25 sites. I’ve done dial-up in the US, and HSRP in the core. I’ve done all that whilst having to troubleshoot Linux, and Windows and AWS instances, and …. It goes on. It’s not special. Thousands of people like me do this every day.

But I should have had a CCNA years ago. I wanted a CCNA years ago, and never got around to it. Recently I got the chance, and I jumped at it. I jumped too quickly. I picked the date. I perused some websites, and kidded myself I know what I was doing. Did you hear the thud this morning as I hit the ground?

Remember that guy in high school, who finished the exam in half the allotted time, and spent the rest doodling and writing out guitar tab? Then got an A? That was me. Not today it wasn’t. 5 questions left with 00:00:00 on the clock. You can’t argue with a computers time keeping, but jeepers, did someone turn the clocks back early? I’ve read plenty of times about Cisco exams and time management. Nothing brings that home like checking how long you have to do this question, and seeing 10 bright red seconds turn to 9…..

What about the questions, surely I could answer them? Right? Well, almost it seems. The blueprint doesn’t give any idea of the depth these questions go into. You really need to know this stuff backwards. That is the biggest, most important lesson I’ve learnt today. I thought I knew this stuff. I’ve barely scratched the surface.

So now we are back to why I’m blogging about it. Einstein famously said that if you can’t teach something to a 5 year old, you don’t really know it. I do have a 5 year old test subject. But he’d get pretty bored of sub-netting, pretty damned quick (don’t we all?). So I’m going for the next best thing. I intend to take the blueprint. I intend to take the topics one at a time and blog about them. If I can’t make a sensible post about the point. I don’t know it well enough. I intend to do the posts “blind”, off line, closed book. Then check them afterwords and see where I went wrong.

I’ve known Tom now for a good few years, and he’s very kindly offered to host these posts, mostly for his own nefarious reasons. I am happy to oblige by rounding out planet VM with some networking snippets of which this series is only the first!

Finally I’m going to ask you. My imaginary friends who I hope read this, and Tom’s loyal followers to do me a favour. Pick the posts apart. Show me the nuance I’m missing, tell me when I’m outright wrong and haven’t even noticed it, and hey, maybe we’ll all learn something.

1. Summary

VMware vCenter Server, Orchestrator, Update Manager, vShield,
vSphere Client, ESXi and ESX address several security issues

2. Relevant releases

VMware vCenter Server 5.0
VMware vSphere Client 5.0
VMware vSphere Client 4.1 Update 1 and earlier
VMware vCenter Orchestrator 4.2
VMware vCenter Orchestrator 4.1 Update 1 and earlier
VMware vCenter Orchestrator 4.0 Update 3 and earlier
VMware vShield Manager 4.1 Update 1
VMware vShield Manager 1.0 Update 1
VMware Update Manager 5.0
ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG
ESXi 4.1 without patch ESXi410-201110202-UG
ESXi 4.0 without patch ESXi400-201110402-BG
ESX 4.1 without patch ESX410-201110201-SG
ESX 4.0 without patch ESX400-201110401-SG

3. Problem Description

a. VMware Tools Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems.

VMware would like to thank Tarjei Mandt for reporting theses issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues.

Note: CVE-2012-1509 doesn’t affect ESXi and ESX.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* Remediation for VMware View is described in VMSA-2012-0004.

** Notes on updating VMware Guest Tools:

After the update or patch is applied, VMware Guest Tools must be updated in any pre-existing Windows-based Guest Operating System. The XPDM and WDDM drivers are part of Tools.

Windows-Based Virtual Machines that have moved to Workstation 8 or Player 4 from a lower version of Workstation or Player are affected unless:

- They were moved from Workstation 7.1.5 or Player 3.1.5,

AND

- The Tools version was updated before the move.

Windows-Based Virtual Machines that have moved to Fusion 4 from a lower version of Fusion are affected.

b. vSphere Client internal browser input validation vulnerability

The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn’t properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client.

VMware would like to thank Edward Torkington for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue.

In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected.

c. vCenter Orchestrator Password Disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.

VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue.

d. vShield Manager Cross-Site Request Forgery vulnerability

The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server.

VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se) and Claudio Criscione for independently reporting
this issue to us

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue.

e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30

Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.

Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section
provides a link to this advisory.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Oracle (Sun) JRE 1.5.0 family

f. vCenter Server Apache Tomcat update 6.0.35

Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, and CVE-2012-0022 to these issues.

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Apache Tomcat 5.5 family

g. ESXi update to third party component bzip2

The bzip2 library is updated to version 1.0.6, which resolves a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Server 5.0 Update 1
—————————

The download for vCenter Server includes vSphere Update Manager, vSphere Client, and vCenter Orchestrator

Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0

Release Notes:
vSphere vCenter Server
https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html
https://www.vmware.com/support/pubs/vum_pubs.html

File: VMware-VIMSetup-all-5.0.0-639890.iso
md5sum:f860ac4b618e2562ebffa2318446fa5b
sha1sum:62830e3061b983e98944ae6d9d3b2e820cebe270

File: VMware-VIMSetup-all-5.0.0-639890.zip
md5sum:a8bdde277aeeffc382ec210acf510479
sha1sum:0b675a47349fdc09104c62ad84bd302846213fc8

vCenter Server 4.1 Update 2
—————————

The download for vCenter Server includes vSphere Client and vCenter Orchestrator.

Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

File: VMware-VIMSetup-all-4.1.0-493063.iso
md5sum: d132326846a85bfc9ebbc53defeee6e1
sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541

File: VMware-VIMSetup-all-4.1.0-493063.zip
md5sum: 7fd7b09e501bd8fde52649b395491222
sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1

vCenter Server 4.0 Update 4
—————————

The download for vCenter Server includes vCenter Orchestrator.

Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0

Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html

File: VMware-VIMSetup-all-4.0.0-502539.iso
md5sum: b418ff3d394f91b418271b6b93dfd6bd
sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927

File: VMware-VIMSetup-all-4.0.0-502539.zip
md5sum: 2acfadde1ec0cd6d37063d87246d6942
sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8

vShield Manager 4.1.0 Update 2
——————————

Download link:
http://downloads.vmware.com/d/details/vshield_endpoint10u3/ZHB3YnRAKndidHR3ag==

Release Notes:
https://www.vmware.com/support/vshield/doc/releasenotes_vshield_410U2.html

File: VMware-vShield-Manager-upgrade-bundle-4.1.0U2-576124.tar.gz
md5sum:9a80fc347bc4a19ad0fd4c9fcb4ab475
sha1sum:f5780c1615da0493d0955a1343876c4111d85203

vShield Zones 1.0 Update 2
————————–

The download for VMware vShield Zones contains vShield Manager

Download link:
http://downloads.vmware.com/d/details/zones10u2/dHRAYndld2pidHclJQ==

Release Notes
https://www.vmware.com/support/vsz/doc/releasenotes_vsz_10U2.html

File: VMware-vShieldZones-1.0U2-638154.exe
md5sum:73515f4732c3a1ecc91ef21a504ca6d9
sha1sum:ed4d858e1c05f54679ba99b739270c054efaf63e

ESXi and ESX
————

Download link:
http://downloads.vmware.com/go/selfsupport-download

ESXi 5.0
——–
File: update-from-esxi5.0-5.0_update01
md5sum: 55c25bd990e2881462bc5b66fb5f6c39
sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88
http://kb.vmware.com/kb/2011432
update-from-esxi5.0-5.0_update01 contains ESXi500-201203101-SG

File: ESXi500-201112001
md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10
sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d
http://kb.vmware.com/kb/2007672
ESXi500-201112001 contains ESXi500-201112402-BG

Note: subsequent ESXi releases are cumulative and
ESXi500-201203101-SG includes the security fixes that are
present in ESXi500-201112402-BG

ESXi 4.1
——–
File: update-from-esxi4.1-4.1_update02
md5sum: 57e34b500ce543d778f230da1d44e412
sha1sum: 52f4378e2f1a29c908493182ccbde91d58b4112f
http://kb.vmware.com/kb/2002341
update-from-esxi4.1-4.1_update02 contains ESXi410-201110202-UG

ESXi 4.0
——–
File: ESXi400-201110001
md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3
sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b
http://kb.vmware.com/kb/1039199
ESXi400-201110001 contains ESXi400-201110402-BG

ESX 4.1
——-
File: update-from-esx4.1-4.1_update02
md5sum: 96189a6de3797e28b153f89e01d5a15b
sha1sum: b1823d39d0e4536a421fb933f02380bae7ee7a5d
http://kb.vmware.com/kb/2002303
update-from-esx4.1-4.1_update02 contains ESX410-201110201-SG

ESX 4.0
——-
File: ESX400-201110001
md5sum: 0ce9cc285ea5c27142c9fdf273443d78
sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399
http://kb.vmware.com/kb/1036392
ESX400-201110001 contains ESX400-201110401-SG

5. References

Oracle Java SE Critical Patch Update Advisory of October 2011
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405

6. Change log

2012-03-15 VMSA-2012-0005

Initial security advisory in conjunction with the release of
vSphere 5.0 Update 1, Orchestrator 4.2 Update 1, Update Manager 5.0
Update 1, vShield 1.0 Update 2, and ESXi and ESX 5.0 patches on
2012-03-15.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

• security-announce at lists.vmware.com
• bugtraq at securityfocus.com
• full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc.  All rights reserved.

1. Summary

VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

2. Relevant releases

ESXi 5.0 without patch ESXi500-201203101-SG
ESXi 4.1 without patch ESXi410-201201401-SG
ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG

3. Problem Description

a. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

b. ESX third party update for Service Console cURL RPM

The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

c. ESX third party update for Service Console nspr and nss RPMs

The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues.

A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate
Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

d. ESX third party update for Service Console rpm RPMs

The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

e. ESX third party update for Service Console samba RPMs

The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.

Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

f. ESX third party update for Service Console python package

The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESXi update to third party component python

The python third party library is updated to python 2.5.6 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

VMware ESXi 5.0
—————
update-from-esxi5.0-5.0_update01
http://downloads.vmware.com/go/selfsupport-download
md5sum: 55c25bd990e2881462bc5b66fb5f6c39
sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88
http://kb.vmware.com/kb/2011432

update-from-esxi5.0-5.0_update01.zip contains ESXi500-201203101-SG

VMware ESXi 4.1
—————
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143
ESXi410-201201401 contains ESXi410-201201401-SG

VMware ESX 4.1
————–
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142

ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and
ESX410-201201407-SG

5. References

CVE numbers

— COS Kernel —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
— COS cURL —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
— COS rpm —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
— COS samba —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
— COS python —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
— python library —
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521

6. Change log

2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.1 and ESXi 4.1 on 2012-01-30.

2012-03-15 VMSA-2012-0001.1
Updated security advisory after the release of ESXi 5.0 patches
on 2012-03-15

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

• security-announce at lists.vmware.com
• bugtraq at securityfocus.com
• full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc.  All rights reserved.

1. Summary

VMware View addresses privilege escalation and cross-site scripting issues.

2. Relevant releases

View 4.6.0 and older.

3. Problem Description

a. VMware Virtual Desktop Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops.

VMware would like to thank Tarjei Mandt for reporting theses issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

* Other affected products are documented in VMSA-2012-0005; this advisory is exclusively for View.

** Notes on updating VMware Virtual Agents:

In order to remediate the problem, VMware View Agents must be updated in any pre-existing virtual desktops. The XPDM and WDDM drivers are part of the View Agent.

View Agents that have moved to View 5.0 from a lower View version are affected if their View Agent was not updated after the move.

b. View Manager Portal Cross-site Scripting

A cross-site scripting vulnerability in View Manager Portal may allow a remote attacker to run scripts in the victim’s browser. The attacker can trigger this vulnerability by supplying a crafted URL
to the victim and convincing them to click on the link.

VMware would like to thank Jeremy Conway for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1511 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is
available.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

View 4.6.1
———-
http://downloads.vmware.com/d/info/desktop_downloads/vmware_view/4_6

Release Notes
https://www.vmware.com/support/view46/doc/view-461-release-notes.html

VMware View Connection Server (32-bit)
VMware-viewconnectionserver-4.6.1-640196.exe
md5sum:bfa8f091628bf257c94255b62b4ea8d6
sha1sum:65a1c7cee3133ee54b7da5f5c9439577991ed282

VMware View Connection Server (64-bit)
VMware-viewconnectionserver-x86_64-4.6.1-640196.exe
md5sum:64da571b4ed650395b8e6d6f4d17bab1
sha1sum:6b0a82b0ddce5e4d6c8dddd0f86e80e85802a572

VMware View Agent (32-bit)
VMware-viewagent-4.6.1-640196.exe
md5sum:3dfb8d5d24a75e77f8ac08d3657b764a
sha1sum:cede74042154b09e7489052d88953fe860b80125

VMware View Agent (64-bit)
VMware-viewagent-x86_64-4.6.1-640196.exe
md5sum:227f688a49ccfa29a7d9950be8b444e3
sha1sum:00001411021327b8bdf04721dbcf3001409bdf4c

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1511

6. Change log

2012-03-15 VMSA-2012-0004
Initial security advisory in conjunction with the release of
View 4.6.1 on 2012-03-15.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

• security-announce at lists.vmware.com
• bugtraq at securityfocus.com
• full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc.  All rights reserved.

So what was one of the first things I did, apart from changing the password

That’s right downloaded and installed VMware Fusion. I thought I would show every body how easy it is to install Fusion on a MBP so here goes.

one go to theVMware download site as shown below

.

Click the Download button.

Read the EULA

Click Yes to agree, or it all stops here

I chose the small file as I already have a AV product. once the file has downloaded,  Double click the file in Finder.

then simply move the VMware Fusion Icon to the Application Folder and wait……..

Yes that is really it.  Fusion is now installed and you are ready to start running lovely VM’s on your OSx environment.