[Security-announce] NEW VMSA-2016-0001 VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability

VMware Security Announcements security-announce at lists.vmware.com
Thu Jan 7 10:26:15 PST 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2016-0001
Synopsis:    VMware ESXi, Workstation, Player, and Fusion updates
             address important guest privilege escalation vulnerability
Issue date:  2016-01-07
Updated on:  2016-01-07 (Initial Advisory)
CVE number:  CVE-2015-6933

1. Summary

   VMware ESXi, Fusion, Player, and Workstation updates address
   important guest privilege escalation vulnerability

2. Relevant Releases

   VMware ESXi 6.0 without patch ESXi600-201512102-SG
   VMware ESXi 5.5 without patch ESXi550-201512102-SG
   VMware ESXi 5.1 without patch ESXi510-201510102-SG
   VMware ESXi 5.0 without patch ESXi500-201510102-SG

   VMware Workstation prior to 11.1.2

   VMware Player prior to 7.1.2

   VMWare Fusion prior to 7.1.2



3. Problem Description

   Important Windows-based guest privilege escalation in VMware Tools

   A kernel memory corruption vulnerability is present in the VMware Tools
   "Shared Folders" (HGFS) feature running on Microsoft Windows. Successful
   exploitation of this issue could lead to an escalation of privilege in
   the guest operating system.

   VMware would like to thank Dmitry Janushkevich from the Secunia
   Research Team for reporting this issue to us.

   Note: This vulnerability does not allow for privilege escalation from
   the guest operating system to the host. Host memory can not be
   manipulated from the guest operating system by exploiting this flaw.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2015-6933 to this issue.

   Workarounds
   Removing the "Shared Folders" (HGFS) feature from previously installed
   VMware Tools will remove the possibility of exploitation.

   Column 4 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware                         Product    Running   Replace with/
   Product                        Version    on        Apply Patch *
   =============                  =======    =======   =================
   VMware ESXi                    6.0        ESXi
ESXi600-201512102-SG**
   VMware ESXi                    5.5        ESXi
ESXi550-201512102-SG**
   VMware ESXi                    5.1        ESXi
ESXi510-201510102-SG**
   VMware ESXi                    5.0        ESXi
ESXi500-201510102-SG**

   VMware Workstation             12.x.x     Any       not affected
   VMware Workstation             11.x.x     Any       11.1.2

   VMware Player                  8.x.x      Any       not affected
   VMware Player                  7.x.x      Any       7.1.2

   VMware Fusion                  8.x.x      OSX       not affected
   VMware Fusion                  7.x.x      OSX       7.1.2

   *After the update or patch is applied, VMware Tools must also
   be updated in any Windows-based guests that include the "Shared Folders"
   (HGFS) feature to resolve CVE-2015-6933.

   **VMware Tools installations initiated via vSphere (ESXi/vCenter) do not
   include the affected "Shared Folders" (HGFS) feature unless a
   "Complete" feature set was specified during the initial installation.

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware ESXi 6.0
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2135123

   VMware ESXi 5.5
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2135796

   VMware ESXi 5.1
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2126488

   VMware ESXi 5.0
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2120210

   VMware Workstation 11.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation

   VMware Player 7.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer

   VMware Fusion 7.1.2
   https://www.vmware.com/go/downloadfusion

5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933

- ------------------------------------------------------------------------

6. Change log

   2016-01-07 VMSA-2016-0001 Initial security advisory in conjunction
   with the release of VMware ESXi 6.0 patches on 2016-01-07.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2016 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8

wj8DBQFWjqPZDEcm8Vbi9kMRAtScAKCLxB7gZbMDVSmIYbwg1K18phVH4QCgsUgL
mOUNFko1gITbZM6kPmiNYh0=
=l6O6
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.vmware.com/pipermail/security-announce/attachments/20160107/d57e971e/attachment.htm 


More information about the Security-announce mailing list