?
Solved

Installing an rpm file :  rpm -ivh   or  rpm -Uvh  in VMWare ESX and Redhat Linux

Posted on 2009-04-18
7
Medium Priority
?
6,191 Views
Last Modified: 2013-12-16
Hi,

I'm trying to address the vulnerability (see below) given by security team.

Our ESX 3.5 is affected (ESX 2.5 is Ok).  I've got the .rpm patch file.
Do I install using
   rpm -Uvh patchfile.rpm
       or
   rpm -ivh patchfile.rpm

What's the difference between the two?  Redhat suggested to me to use
"rpm -ivh" to install the .rpm packages from their site but I've seen some
places using "rpm -U package.rpm"


==================================================================

[Summary]
A vulnerability was reported in VMware. A local user on the guest operating system can obtain elevated privileges on the target host system.

A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system.

VMware Workstation, Player, ACE, Server, Fusion, ESXi, and ESX are affected.

[Affected System]
Workstation 6.5.x any 6.5.2 build 156735 or later
Workstation 6.0.x any upgrade to at least 6.5.2

Player 2.5.x any 2.5.2 build 156735 or later
Player 2.0.x any upgrade to at least 2.5.2

ACE 2.5.x Windows 2.5.2 build 156735 or later
ACE 2.0.x Windows upgrade to at least 2.5.2

Server 2.x any 2.0.1 build 156745 or later
Server 1.x any 1.0.9 build 156507 or later

Fusion 2.x Mac OS/X 2.0.4 build 159196 or later

ESXi 3.5 ESXi ESXe350-200904201-O-SG

ESX 3.5 ESX ESX350-200904201-SG
ESX 3.0.3 ESX ESX303-200904403-SG
ESX 3.0.2 ESX ESX-1008421


[Impact Analysis]
A local user on the guest operating system can obtain privileges on the target host system.

[Solution/Workaround]
The vendor released a fix and an advisory.
Please see the references for more information.

[Reference]
http://securitytracker.com/alerts/2009/Apr/1022031.html
http://www.vmware.com/security/advisories/VMSA-2009-0006.html
0
Comment
Question by:sunhux
7 Comments
 
LVL 23

Assisted Solution

by:Maciej S
Maciej S earned 360 total points
ID: 24174435
-i means install
-U means upgrade

Description of -U from man rpm:
This upgrades or installs the package currently installed to a newer version.  This is the same as install, except all other version(s) of the package are removed after the new package is installed.
0
 
LVL 35

Assisted Solution

by:ShineOn
ShineOn earned 1000 total points
ID: 24180388
I don't understand...

You say this is a VMware ESX 3.5 host, right?  Why would you be installing a RedHat RPM?  Or asking RedHat for advice on how to install it?

The patch you need is from VMware, and is installed on the VMware host using the service console, not on the RedHat guest.
It should be file ESX350-20094201-SG.ZIP which contains the file VMware-esx-vmx-3.5.0-158869.i386.rpm

According to the KB article, you're supposed to either use the VI Update Manager or install the package using esxupdate from the command line.  http://kb.vmware.com/kb/1009852
0
 
LVL 7

Assisted Solution

by:kumarnirmal
kumarnirmal earned 200 total points
ID: 24181286
ShineOn is spot on.
If you are using VirtualCenter 2.5, then you can use VMware Update Manager to scan the ESX Host for baselines and remediate the patches based on the results of the scan.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:sunhux
ID: 24225974
Hi,

I was following the Security vulnerability article and downloaded that .rpm package
and I thought what's for ESX shd be the same as Redhat.  Since I have a maintenance
support from Redhat, thus I thought of just giving Redhat a call.  After all, I heard from
somewhere that ESX is actually a stripped down version of Redhat Linux or did I get
this wrong?

So the rpm file I got was actually downloaded from VMWare, not Redhat;  just that I
don't know the exact way to install it & since it's an rpm file, I thought it should be
just the usual way of installing rpm (ie using "rpm ..." command)

I actually used "rpm -U VMware-esx-vmx-3.5.0-158869.i386.rpm" at ESX Unix prompt
and after rebooting the ESX, whenever I started the VM guests, it would cause the
entire ESX to panic.

So I guess I should not use "rpm ..." command but rather
"VI Update Manager or install the package using esxupdate ",  is this right?
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 1000 total points
ID: 24229470
"I heard from somewhere that ESX is actually a stripped down version of Redhat Linux or did I get
this wrong?"

You got this partly wrong.  ESX 3.5 runs on its own 2.4 kernel.  Mine is Linux version 2.4.21-57.ELvmnix.  It's essentially a VMware-only flavor of Linux called vmnix.
It does use the RedHat gcc version 3.2.3 20030502 from Red Hat Linux 3.2.3-14 so in a way it has roots in RedHat, but it's not Red Hat.

What you need to do, in order to use the RPM package, is install it using esxupdate from the command line of the service console.

If you have Virtual Center installed and configured, you can use the Update Manager to download and install patches for you, in a relatively automated fashion.

Another thing you need to do is make sure you install the prerequisite packages in the proper order.  If you installed the package for 20094201 without making sure the prerequisite packages were installed first, that could contribute to your kernel panics.

The KB article http://kb.vmware.com/kb/1009852 has a "requires" block in the grid that shows these are prerequisite patches:
ESX350-200810201-UG
ESX350-200903201-UG
ESX350-200903202-UG
But as you go to download each of them, you will see that the order you install the patches may not be the order you see them listed in the grid.
0
 

Author Comment

by:sunhux
ID: 24231119
Hi ShineOn,

Thanks a lot, can you also tell me a sample command for esxupdate so that
I could get the syntax right.  For rpm, it's  "rpm -Uvh  rpm_package_name",
so what is it like for esxupdate?
0
 
LVL 35

Assisted Solution

by:ShineOn
ShineOn earned 1000 total points
ID: 24232953
http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf

There are four execution modes for esxupdate, and you should use them as they're intended.  It's too detailed a document to go into here, but suffice it to say that you use 'esxupdate' as a command instead of 'rpm'.  

There are options and switches and parameters, but they don't look anything like rpm's, from a cursory review.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question