Home page logo
/

bugtraq logo Bugtraq mailing list archives

VMSA-2012-0006 VMware ESXi and ESX address several security issues
From: VMware Security Team <security () vmware com>
Date: Fri, 30 Mar 2012 17:51:16 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------------
                  VMware Security Advisory

Advisory ID: VMSA-2012-0006
Synopsis:    VMware ESXi and ESX address several security issues
Issue date:  2012-03-29
Updated on:  2012-03-29 (initial advisory)
CVE numbers: CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348
            CVE-2011-4862
-----------------------------------------------------------------------
1. Summary

  VMware ESXi and ESX address several security issues.

2. Relevant releases

  ESXi 4.1 without patch ESXi410-201101201-SG
  ESXi 4.0 without patch ESXi400-201203401-SG
  ESXi 3.5 without patch ESXe350-201203401-I-SG

  ESX 4.1 without patch ESX410-201101201-SG
  ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
  ESX 3.5 without patch ESX350-201203401-SG

3. Problem Description

  a. VMware ROM Overwrite Privilege Escalation

     A flaw in the way port-based I/O is handled allows for modifying
     Read-Only Memory that belongs to the Virtual DOS Machine.
     Exploitation of this issue may lead to privilege escalation on
     Guest Operating Systems that run Windows 2000, Windows XP
     32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2
     32-bit.

     VMware would like to thank Derek Soeder of Ridgeway Internet
     Security, L.L.C. for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2012-1515 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product   Running  Replace with/
     Product        Version   on       Apply Patch
     =============  ========  =======  =================
     vCenter        any       Windows  not affected

     Workstation    8.x       any      not affected
Player 4.x any not affected Fusion 4.x Mac OS/X not affected

     ESXi           5.0       ESXi     not affected
     ESXi           4.1       ESXi     ESXi410-201101201-SG
     ESXi           4.0       ESXi     ESXi400-201203401-SG
     ESXi           3.5       ESXi     ESXe350-201203401-I-SG

     ESX            4.1       ESX      ESX410-201101201-SG
     ESX            4.0       ESX      ESX400-201203401-SG
     ESX            3.5       ESX      ESX350-201203401-SG

  b. ESX third party update for Service Console kernel

     The ESX Service Console Operating System (COS) kernel is updated
     to kernel-400.2.6.18-238.4.11.591731 to fix multiple security
     issues in the COS kernel.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2011-2482, CVE-2011-3191 and
     CVE-2011-4348 to these issues.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product   Running  Replace with/
     Product        Version   on       Apply Patch
     =============  ========  =======  =================
     vCenter        any       Windows  not affected

     hosted *       any       any      not affected

     ESXi           any       ESXi     not affected

     ESX            4.1       ESX      patch pending **
     ESX            4.0       ESX      ESX400-201203401-SG
     ESX            3.5       ESX      not applicable

     * hosted products are VMware Workstation, Player, ACE, Fusion.

     ** One of the three issues, CVE-2011-2482, has already been
        addressed on ESX 4.1 in an earlier kernel patch. See
        VMSA-2012-0001 for details.
c. ESX third party update for Service Console krb5 RPM

     This patch updates the krb5-libs and krb5-workstation RPMs to
     version 1.6.1-63.el5_7 to resolve a security issue.

     By default, the affected krb5-telnet and ekrb5-telnet services
     do not run. The krb5 telnet daemon is an xinetd service.  You
     can run the following commands to check if krb5 telnetd is
     enabled:

       /sbin/chkconfig --list krb5-telnet
       /sbin/chkconfig --list ekrb5-telnet
The output of these commands displays if krb5 telnet is enabled. You can run the following commands to disable krb5 telnet
     daemon:

       /sbin/chkconfig krb5-telnet off
       /sbin/chkconfig ekrb5-telnet off

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2011-4862 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product   Running  Replace with/
     Product        Version   on       Apply Patch
     =============  ========  =======  =================
     vCenter        any       Windows  not affected

     hosted *       any       any      not affected

     ESXi           any       ESXi     not affected

     ESX            4.1       ESX      not applicable
     ESX            4.0       ESX      ESX400-201203407-SG
     ESX            3.5       ESX      not applicable

     * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

  Please review the patch/release notes for your product and
  version and verify the checksum of your downloaded file.

  ESXi 4.1
  --------
  update-from-esxi4.1-4.1_update01
  md5sum: 2f1e009c046b20042fae3b7ca42a840f
  sha1sum: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
  http://kb.vmware.com/kb/1027919

  update-from-esxi4.1-4.1_update01 contains ESXi410-201101201-SG

  ESXi 4.0
  --------
  ESXi400-201203001
  md5sum: 8054b2e7c9cd024e492ac5c1fb9c1e72
  sha1sum: 6150fee114d70603ccae399f42b905a6b1a7f3e1
  http://kb.vmware.com/kb/2011777

  ESXi400-201203001 contains ESXi400-201203401-SG

  ESXi 3.5
  --------
  ESXe350-201203401-O-SG
  md5sum: 44124458684d6d1b957b4e39cbe97d77
  sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be
  http://kb.vmware.com/kb/2009160

  ESXe350-201203401-O-SG contains ESXe350-201203401-I-SG
ESX 4.1
  -------
  update-from-esx4.1-4.1_update01
  md5sum: 2d81a87e994aa2b329036f11d90b4c14
  sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
  http://kb.vmware.com/kb/1027904

  update-from-esx4.1-4.1_update01 contains ESX410-201101201-SG
ESX 4.0
  -------
  ESX400-201203001
  md5sum: 02b7e883e8b438b83bf5e53a1be71ad3
  sha1sum: 34734a8edba225a332731205ee2d6575ad9e1c88
  http://kb.vmware.com/kb/2011767

  ESX400-201203001 contains ESX400-201203401-SG and ESX400-201203407-SG

  ESX 3.5
  -------
  ESX350-201203401-SG
  md5sum: 07743c471ce46de825c36c2277ccd500
  sha1sum: cb77e6f820e1015311bf2386b240fd84f0ad04dd
  http://kb.vmware.com/kb/2009155
5. References

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862

-----------------------------------------------------------------------

6. Change log

  2012-03-29 VMSA-2012-0006
  Initial security advisory in conjunction with the release of patches
  for ESX 4.0 on 2012-03-29.

-----------------------------------------------------------------------

7. Contact

  E-mail list for product security notifications and announcements:
  http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com
    * bugtraq at securityfocus.com
    * full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
  PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
  http://www.vmware.com/security/advisories
VMware security response policy
  http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
  http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
  http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFPdlThDEcm8Vbi9kMRAvQRAJ9accY0Gpy3OvqreEvaHp4c8VhgDwCfRJAt
XvB0s5bWhTKVg1Lg0UnrFdQ=
=j0iK
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team (Apr 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]