Bugtraq mailing list archives
VMSA-2012-0006 VMware ESXi and ESX address several security issues
From: VMware Security Team <security () vmware com>
Date: Fri, 30 Mar 2012 17:51:16 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0006 Synopsis: VMware ESXi and ESX address several security issues Issue date: 2012-03-29 Updated on: 2012-03-29 (initial advisory) CVE numbers: CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348 CVE-2011-4862 ----------------------------------------------------------------------- 1. Summary VMware ESXi and ESX address several security issues. 2. Relevant releases ESXi 4.1 without patch ESXi410-201101201-SG ESXi 4.0 without patch ESXi400-201203401-SG ESXi 3.5 without patch ESXe350-201203401-I-SG ESX 4.1 without patch ESX410-201101201-SG ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG ESX 3.5 without patch ESX350-201203401-SG 3. Problem Description a. VMware ROM Overwrite Privilege Escalation A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2 32-bit. VMware would like to thank Derek Soeder of Ridgeway Internet Security, L.L.C. for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1515 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected Workstation 8.x any not affectedPlayer 4.x any not affected Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi ESXi400-201203401-SG ESXi 3.5 ESXi ESXe350-201203401-I-SG ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX ESX400-201203401-SG ESX 3.5 ESX ESX350-201203401-SG b. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-2482, CVE-2011-3191 and CVE-2011-4348 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX patch pending ** ESX 4.0 ESX ESX400-201203401-SG ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. ** One of the three issues, CVE-2011-2482, has already been addressed on ESX 4.1 in an earlier kernel patch. See VMSA-2012-0001 for details.c. ESX third party update for Service Console krb5 RPM
This patch updates the krb5-libs and krb5-workstation RPMs to version 1.6.1-63.el5_7 to resolve a security issue. By default, the affected krb5-telnet and ekrb5-telnet services do not run. The krb5 telnet daemon is an xinetd service. You can run the following commands to check if krb5 telnetd is enabled: /sbin/chkconfig --list krb5-telnet /sbin/chkconfig --list ekrb5-telnetThe output of these commands displays if krb5 telnet is enabled. You can run the following commands to disable krb5 telnet
daemon: /sbin/chkconfig krb5-telnet off /sbin/chkconfig ekrb5-telnet off The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-4862 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ESX 4.0 ESX ESX400-201203407-SG ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 4.1 -------- update-from-esxi4.1-4.1_update01 md5sum: 2f1e009c046b20042fae3b7ca42a840f sha1sum: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 http://kb.vmware.com/kb/1027919 update-from-esxi4.1-4.1_update01 contains ESXi410-201101201-SG ESXi 4.0 -------- ESXi400-201203001 md5sum: 8054b2e7c9cd024e492ac5c1fb9c1e72 sha1sum: 6150fee114d70603ccae399f42b905a6b1a7f3e1 http://kb.vmware.com/kb/2011777 ESXi400-201203001 contains ESXi400-201203401-SG ESXi 3.5 -------- ESXe350-201203401-O-SG md5sum: 44124458684d6d1b957b4e39cbe97d77 sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be http://kb.vmware.com/kb/2009160 ESXe350-201203401-O-SG contains ESXe350-201203401-I-SGESX 4.1
------- update-from-esx4.1-4.1_update01 md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 http://kb.vmware.com/kb/1027904 update-from-esx4.1-4.1_update01 contains ESX410-201101201-SGESX 4.0
------- ESX400-201203001 md5sum: 02b7e883e8b438b83bf5e53a1be71ad3 sha1sum: 34734a8edba225a332731205ee2d6575ad9e1c88 http://kb.vmware.com/kb/2011767 ESX400-201203001 contains ESX400-201203401-SG and ESX400-201203407-SG ESX 3.5 ------- ESX350-201203401-SG md5sum: 07743c471ce46de825c36c2277ccd500 sha1sum: cb77e6f820e1015311bf2386b240fd84f0ad04dd http://kb.vmware.com/kb/20091555. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862 ----------------------------------------------------------------------- 6. Change log 2012-03-29 VMSA-2012-0006 Initial security advisory in conjunction with the release of patches for ESX 4.0 on 2012-03-29. ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announceThis Security Advisory is posted to the following lists: * security-announce at lists.vmware.com
* bugtraq at securityfocus.com * full-disclosure at lists.grok.org.ukE-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055VMware Security Advisories
http://www.vmware.com/security/advisoriesVMware security response policy
http://www.vmware.com/support/policies/security_response.htmlGeneral support life cycle policy
http://www.vmware.com/support/policies/eos.htmlVMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.htmlCopyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFPdlThDEcm8Vbi9kMRAvQRAJ9accY0Gpy3OvqreEvaHp4c8VhgDwCfRJAt XvB0s5bWhTKVg1Lg0UnrFdQ= =j0iK -----END PGP SIGNATURE-----
Current thread:
- VMSA-2012-0006 VMware ESXi and ESX address several security issues VMware Security Team (Apr 04)