Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
From: VMware Security team <security () vmware com>
Date: Fri, 10 Jul 2009 17:07:15 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0009
Synopsis:          ESX Service Console updates for udev, sudo, and curl
Issue date:        2009-07-10
Updated on:        2009-07-10 (initial release of advisory)
CVE numbers:       CVE-2009-1185 CVE-2009-0034 CVE-2009-0037
- -----------------------------------------------------------------------

1. Summary

   Update for Service Console packages udev,sudo, and curl

2. Relevant releases

   VMware ESX 4.0.0 without bulletin ESX400-200906411-SG,
   ESX400-200906406-SG, ESX400-200906407-SG.

3. Problem Description

 a. Service Console package udev

    A vulnerability in the udev program did not verify whether a NETLINK
    message originates from kernel space, which allows local users to
    gain privileges by sending a NETLINK message from user space.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-1185 to this issue.

    Please see http://kb.vmware.com/kb/1011786 for details.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200906411-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 b. Service Console package sudo

    Service Console package for sudo has been updated to version
    sudo-1.6.9p17-3. This fixes the following issue: Sudo versions
    1.6.9p17 through 1.6.9p19 do not properly interpret a system group
    in the sudoers file during authorization decisions for a user who
    belongs to that group, which might allow local users to leverage an
    applicable sudoers file and gain root privileges by using a sudo
    command.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-0034 to this issue.

    Please see http://kb.vmware.com/kb/1011781 for more details

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200906411-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 c. Service Console package curl

    Service Console package for curl has been updated to version
    curl-7.15.5-2.1.  This fixes the following issue: The redirect
    implementation in curl and libcurl 5.11 through 7.19.3, when
    CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location
    values, which might allow remote HTTP servers to trigger arbitrary
    requests to intranet servers, read or overwrite arbitrary files by
    using a redirect to a file: URL, or execute arbitrary commands by
    using a redirect to an scp: URL.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-0037 to this issue.

    Please see http://kb.vmware.com/kb/1011782 for details

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200906407-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   ESX 4.0
   -------
   ESX400-200906001
   http://tinyurl.com/ncfu5s
   md5sum:cab549922f3429b236633c0e81351cde
   sha1sum:aff76554ec5ee3c915eb4eac02e62c131163059a

   Note: ESX400-200906001 contains the following security fixes
         ESX400-200906411-SG, ESX400-200906406-SG, ESX400-200906405-SG,
         ESX400-200906407-SG.

   To install an individual bulletin use esxupdate with the -b option.
   esxupdate --bundle ESX400-200906001.zip -b ESX400-200906411-SG \
   -b ESX400-200906406-SG -b ESX400-200906405-SG -b \
   ESX400-200906407-SG update

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

- -------------------------------------------------------------------------
6. Change log

2009-07-10  VMSA-2009-0008
Initial security advisory after release of bulletins for ESX 4.0 on
2009-07-10.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFKV9esS2KysvBH1xkRAn2bAJ91HvmEkAxVpRxehax8rGzBd+ufcwCeIhk8
zk/ROHHbZJmWN44MlbMIx/8=
=fQaI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl VMware Security team (Jul 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]