-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
VMware Security Advisory
Advisory ID: VMSA-2006-0009
Synopsis: VMware ESX Server 3.0.0 AMD fxsave/restore issue
Knowledge base URL: http://kb.vmware.com/kb/2533126
Issue date: 2006-10-31
Updated on: 2006-11-13
CVE-2006-1056
Updated package addresses an AMD fxsave/restore security vulnerability.
This patch is for ESX Server 3.0.0 only (with or without other patches
for ESX 3.0.0).
The issue is an AMD fxsave/restore security vulnerability. The fxsave
and fxrstor instructions on AMD CPUs are used to save or restore the FPU
registers (FOP, FIP and FDP). On AMD Opteron processors, these
instructions do not save or restore some exception-related registers
unless an exception is currently being serviced. This could allow a
local attacker to partially monitor the execution path of FPU processes,
possibly allowing them to obtain sensitive information being passed
through those processes.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-1056 to this issue.
Solution:
Note: VMware recommends that you use the updates directory.
Download patch ESX-2533126 from http://www.vmware.com/download/vi/
into the /var/updates directory.
Verify the integrity of the downloaded tar file:
f34bd684a50a29d667bd0ea5c8c8ef63 ESX-2533126.tgz
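The integrity check above can be scripted so that a mismatch stops the
procedure before anything is extracted. This is an added example, not part
of VMware's advisory or tooling; the function names are hypothetical, and it
assumes the 32-hex-digit value published above is an MD5 digest as printed
by md5sum.

```shell
#!/bin/sh
# Added example, not VMware's script. Assumption: the 32-hex-digit value in
# the advisory is an MD5 digest in md5sum format. Function names are hypothetical.
ADVISORY_FILE="ESX-2533126.tgz"                  # file name from the advisory
ADVISORY_MD5="f34bd684a50a29d667bd0ea5c8c8ef63"  # digest from the advisory

# verify_md5 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or unreadable,
# 3 if EXPECTED_HEX is not exactly 32 hex digits.
verify_md5() {
    vm_file=$1
    vm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $vm_expected in
        ''|*[!0-9a-f]*) return 3 ;;
    esac
    [ "${#vm_expected}" -eq 32 ] || return 3
    { [ -f "$vm_file" ] && [ -r "$vm_file" ]; } || return 2
    # Feed the file on stdin so md5sum prints "<digest>  -" and the file
    # name can never influence the parsed output.
    vm_actual=$(md5sum < "$vm_file" | cut -d' ' -f1) || return 2
    [ "$vm_actual" = "$vm_expected" ]
}

# check_patch DIR
# Verifies DIR/ESX-2533126.tgz against the advisory digest and reports the
# result; the return code is the one from verify_md5.
check_patch() {
    cp_rc=0
    verify_md5 "$1/$ADVISORY_FILE" "$ADVISORY_MD5" || cp_rc=$?
    case $cp_rc in
        0) echo "OK: $ADVISORY_FILE matches the advisory digest" ;;
        1) echo "MISMATCH: do not extract or install $ADVISORY_FILE" >&2 ;;
        2) echo "ERROR: cannot read $1/$ADVISORY_FILE" >&2 ;;
        *) echo "ERROR: malformed expected digest" >&2 ;;
    esac
    return "$cp_rc"
}
```

Run `check_patch /var/updates` after the download and continue to the
installation step only when it returns 0.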
Installation Instructions
Once you have downloaded and extracted the archive, and if you are in
the directory you created above, install the update using the following
command:
For more information on using esxupdate, please refer to the Patch
Management for ESX Server 3 tech note at
http://www.vmware.com/pdf/esx3_esxupdate.pdf.
Note: This security patch is part of the October 2006 patch release
for VI3. A second (non-security) patch is also available. Installation
of these two patches is independent and you do not need to install both
to be in a supported state. The other patch is available at
http://kb.vmware.com/kb/2666943
http://kb.vmware.com/kb/2533126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://www.vmware.com/products/esx/
http://www.vmware.com/download/esx/
http://www.vmware.com/security
VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html
E-mail: [email protected]
Copyright 2006 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFFWP5d6KjQhy2pPmkRCAqgAKClk2Xhfxkv+HqPQ/e3fRSWuHiREQCfaedN
xh2SUOf0NcmTSAofrCdFINI=
=gaBi
-----END PGP SIGNATURE-----