AusCERT - AU-2008.0018 -- AusCERT Update - [VMware ESX] - VMware ESX/ESXi 3.5 Update 2 patch causing error

AU-2008.0018 -- AusCERT Update - [VMware ESX] - VMware ESX/ESXi 3.5 Update 2 patch causing error
Date: 14 August 2008
Original URL: http://www.auscert.org.au/render.html?cid=1979&it=9720
References: ESB-2008.0747

Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2008.0018 - [VMware ESX]
VMware ESX/ESXi 3.5 Update 2 patch causing error
14 August 2008        AusCERT Update Summary
        ----------------------

Operating System:     VMWare ESX Server
                      VMWare ESXi Server
Impact:               Denial of Service

Ref:                  ESB-2008.0747

Original Bulletin:    http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-065-eng.aspx

Revision History:     May 10 2012: Corrected details
                      August 14 2008: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

VMware ESX/ESXi 3.5 Update 2 patch causing error

   Number: AV08-065
   Date: 13 August 2008 

Purpose

   An issue has been discovered with VMware ESX/ESXi 3.5 Update 2 where
   Virtual Machines fail to power on or VMotion successfully. This
   problem began to occur on August 12, 2008 for clients that had
   upgraded to ESX 3.5 Update 2.

Assessment

   The following message is displayed in the vmware.log file for the
   virtual machine:


   This product has expired. Be sure that your host machine's date and
   time are set correctly.
   There is a more recent version available at the VMware web site:
   http://www.vmware.com/info?id=4.
   ##############################
   Module License Power on failed.

   The following error may display when attempting to deploy virtual
   machines:

   A general system error occurred: Internal Error
   Type: ERROR
   Module: PendingOperation
   Thread: PendingOperation-/[path]

   Affected Products:

   VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2.
   The problem will be seen if ESX350-200806201-UG is applied to a
   system.
   No other VMware products are affected.

Suggested action

   CCIRC recommends the following action(s):

   Workaround 1:
   Do not install ESX 3.5 U2 if it has been downloaded from VMware?s
   website or elsewhere prior to August 12, 2008.

   Workaround 2:
   Set the host time to a date prior to August 12, 2008. This workaround
   has a number of very serious side affects that could impact production
   environments. Any Virtual Machines that sync time with the ESX host
   and serve time sensitive applications would be broken. These include,
   but are not limited to database servers, mail servers, and domain
   administration systems.
   Resolution:
   VMware Engineering has produced express patches for impacted clients
   that will resolve the issue. If running the affected versions as
   mentioned above please download the relevant patch from following
   link:
   - For ESX 3.5 Update 2 Express patch:
   http://download3.vmware.com/software/esx/ESX350-200806812-BG.zip
   - For ESXi 3.5 Update 2 Express patch:
   http://download3.vmware.com/software/esx/ESXe350-200807812-O-BG.zip

   REFERENCES:
   -----------
   http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006716

Note to Readers

   Public Safety Canada (PS) collects information related to cyber and
   physical threats to, and incidents involving, Canadian critical
   infrastructure. This allows us to monitor and analyze threats and to
   issue alerts, advisories, and other information products.

   The Government Operations Centre (GOC) provides strategic level
   coordination and direction on behalf of the Government of Canada, in
   response to emerging or occurring events in the national interest,
   including threats to and incidents involving Canadian critical
   infrastructure. The GOC receives, shares, and coordinates information
   with other federal departments, as well as provincial/territorial and
   international partners.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT6soUe4yVqjM2NGpAQI2XQ/9HwOLt/lP779uevo1ijGAACyl6C7lQU11
+abJiQuzGT8jS+0Pv4UNGJcH6uBOxnzbe7JnPdqxB7u2LzqOITJnKyHsiU1yAi7Q
rA2sUg8yffoo+VbWpESUUVOqguuwD7olAEzp+zH/erS6/v+aG+NKSQaffZ2kTtpe
PU+hKsPiDElgLcyYSeKj4HbbzMn3lQpdQO5ebW+ta82UCHS4Tj4r6fx1sZdyDYvn
RbbJU+J+1q6jMt4Ychpf+67NvHd6WYJ7JCVkO3J8AN84ArnRm0zfNwBSlWDayUPp
rBYcvgQa4sA1mwlqU0pAQakH0F+RtqvbN550TJ7L1b2JKc6X4hZCpdvxxliMVWe0
I9a306v47RhUP0l+wVEenJ5ja42vsaMIFMV3ou0vQc5vGk7u6EObPBS6dW6Fjj1v
vZlRkq26Sy86cofeZD22JEp7YCj+yfMaq2rRMzB4nKFAeNgsnB6nZILe4YEcG1tE
X4DJ3Iv4plBKu0acwP1lJNCA+BVzDFZGyOvj4bh8RG8FVgDaxE++9wEdFZDzWq1G
TXGbvouk9y93P05EY2gtN00nnTVDSpCDOo4tfkvzD4edrGCh5vv4NGY0o+jmnwXR
NIg5sQUjXjtosVRV9NtOLJhSPd5plUpFyuAae7nmmla4IA9wRHXFCGjxZppLivOE
HutHXT1yUvk=
=WxcT
-----END PGP SIGNATURE-----