On February 20th, VMware issued a number of security updates and product fixes for their VMware ESX Server product.

ESX Server 3.0.2, Patch ESX-1003359: Security Update to the Samba Package: This patch provides updates to the Samba package distributed with the service console for ESX Server 3.0.2. The patch addresses a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user can trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server. Note: This vulnerability can be exploited only if the attacker has access to the service console network.

ESX Server 3.0.2, Patch ESX-1003360: Security Updates to the Python Package: This patch provides service console updates for the Python package. The patch fixes several security issues: an integer overflow in the way Python’s Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions, a flaw in Python’s locale module where strings generated by the strxfrm() function are not properly NULL-terminated, and multiple integer overflow flaws in Python’s imageop module that can allow an attacker to cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.

ESX Server 3.0.2, Patch ESX-1003362: Fix for aacraid SCSI Driver Security Issue: This patch fixes an issue where the aacraid SCSI driver does not check IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges.

ESX Server 3.0.2, Patch ESX-1003364: Virtual Machines on the ESX Server Host Do Not Power on Automatically: This patch fixes an issue where a virtual machine does not auto start on reboot of the ESX Server host.

ESX Server 3.0.2, Patch ESX-1003365: ESX Server Host Might Stop Responding When a CD-ROM Drive Is Accessed: This patch fixes an issue where the ESX Server host running on Intel’s Harwich and Foxcove platforms might stop responding when a CD-ROM drive is accessed from a virtual machine under heavy CPU loads.

ESX Server 3.0.2, Patch ESX-1003366: iSCSI LUNs in the Pass-Through Mode Might Cause the ESX Server Host to Stop Responding: This patch fixes an issue where iSCSI LUNs in the pass-through mode might cause the ESX Server host to stop responding.

ESX Server 3.0.2, Patch ESX-1003179: Fixes for Remote Console Blackout, OpenSolaris Boot Delay, Duplicate Packet Issue; Support for Virtual Machines to Share Generic SCSI Devices: This patch fixes the following issues: Fixes an issue where a virtual machine using an e1000 NIC stops responding under heavy Pre-boot Execution Environment (PXE) network load, when the IBM Tivoli driver attempts to write to the e1000 register. Fixes an issue where OpenSolaris virtual machines might take a long time to boot due to SCSI errors. Enables virtual machines on the same ESX Server host to share generic SCSI devices. Fixes an issue where a virtual machine’s remote console appears blacked out when the virtual machine is accessed from a computer via a network that has a Generic Routing Encapsulation (GRE) tunnel to the virtual machine’s ESX Server host. Fixes an issue where broadcast/multicast packets are duplicated when two or more virtual machines are connected to a vSwitch using NIC teaming.

ESX Server 3.0.2, Patch ESX-1003374: Fixes for VMware Tools Installer: This patch provides updates for the VMware Tools installer to support Red Hat Enterprise Linux 5.1 and changes the name of the Windows XP Professional x64 guest operating system in VMware Tools so that it is correctly communicated to the ESX Server host.