[Security-announce] UPDATED VMSA-2008-0003.1 Moderate: Updated aacraid driver and samba and python Service Console updates

security-announce at lists.vmware.com
Tue Apr 15 18:12:56 PDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
~                   VMware Security Advisory

Advisory ID:       VMSA-2008-0003.1
Synopsis:          Moderate: Updated aacraid driver and samba
~                   and python Service Console updates
Issue date:        2008-02-04
Updated on:        2008-04-15
CVE numbers:       CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
~                   CVE-2007-4965 CVE-2007-4308
- -------------------------------------------------------------------

1. Summary:

~   Security updates to aacraid driver, samba and python

2. Relevant releases:

ESX 3.5   without patches ESX350-200802406-SG(aacraid),
~                          ESX350-200802408-SG(python),
~                          ESX350-200802415-SG(samba)

ESX 3.0.2 without patches ESX-1003362(aacraid),
~                          ESX-1003360(python),
~                          ESX-1003359(samba)

ESX 3.0.1 without patches ESX-1003350(aacraid),
~                          ESX-1003348(python),
~                          ESX-1003347(samba)

ESX 2.5.5 Upgrade Patch 4
ESX 2.5.4 Upgrade Patch 15

NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
~      and Bug fixes) is 10/08/2008.  Users should plan to upgrade to at
~      least 2.5.5 and preferably the newest release available before the
~      end of extended support.

NOTE: ESX 3.0.1 is in Extended Support and its end of support (Security
~      and Bug fixes) is 07/31/2008.  Users should plan to upgrade to at
~      least 3.0.2 update 1 and preferably the newest release available
~      before the end of extended support.

ESX Server versions 3.0.0 and prior to 2.5.4 are no longer in Extended
Support.  Users should upgrade to a supported version of the product.

The VMware Infrastructure Support Life Cycle Policy can be found here:
http://www.vmware.com/support/policies/eos_vi.html

3. Problem description:

~ I  Updated ESX driver

~     a. Updated aacraid driver

~        This patch fixes a flaw in how the aacraid SCSI driver checked
~        IOCTL command permissions.  This flaw might allow a local user
~        on the Service Console to cause a denial of service or gain
~        privileges. Thanks to Adaptec for reporting this issue.

~        The Common Vulnerabilities and Exposures project (cve.mitre.org)
~        has assigned the name CVE-2007-4308 to this issue.

~        RPM Updated:
~        VMware-esx-drivers-scsi-aacraid_esx30.rpm
~        kernel-vmnix.rpm

~        VM Shutdown: Yes
~        Host Reboot: Yes

~        ESX 3.5 ESX350-200802406-SG
~        http://download3.vmware.com/software/vi/ESX350-200802406-SG.zip
~        md5sum: 408a8a5aefde2ce33dec78cb01f80aca
~        http://kb.vmware.com/kb/1003449

~        ESX 3.0.2 ESX-1003362
~        http://download3.vmware.com/software/vi/ESX-1003362.tgz
~        md5sum: f828e7c1c00c2b32ebd4f14f92febe16
~        http://kb.vmware.com/kb/1003362

~        ESX 3.0.1 ESX-1003350
~        http://download3.vmware.com/software/vi/ESX-1003350.tgz
~        md5sum: 490e042c9a726480fe3d3cbc6b4fae5a
~        http://kb.vmware.com/kb/1003350

~        ESX 2.5.4 Upgrade Patch 15
~        ESX 2.5.5 Upgrade Patch 4

~ II  Service Console package security updates

~     a. Samba

~        Alin Rad Pop of Secunia Research found a stack buffer overflow
~        flaw in the way Samba authenticates remote users.  A remote
~        unauthenticated user could trigger this flaw to cause the Samba
~        server to crash or to execute arbitrary code with the
~        permissions of the Samba server.

~        Note: This vulnerability can be exploited only if the attacker
~              has access to the Service Console network.  The Samba
~              client is installed by default in the Service Console, but
~              the Samba server is not.

~        The Common Vulnerabilities and Exposures project (cve.mitre.org)
~        has assigned the name CVE-2007-6015 to this issue.

~        RPM Updated:
~        samba-3.0.9-1.3E.14.3.i386.rpm,
~        samba-client-3.0.9-1.3E.14.3.i386.rpm,
~        samba-common-3.0.9-1.3E.14.3.i386.rpm

~        VM Shutdown: No
~        Host Reboot: No

~        ESX 3.5 ESX350-200802415-SG
~        http://download3.vmware.com/software/vi/ESX350-200802415-SG
~        md5sum: 5ee3bc45d863e8c83ffef036685fd4f6
~        http://kb.vmware.com/kb/1003462

~        ESX 3.0.2 ESX-1003359
~        http://download3.vmware.com/software/vi/ESX-1003359.tgz
~        md5sum: c1fc3232c76aea150308b2227d9d522e
~        http://kb.vmware.com/kb/1003359

~        ESX 3.0.1 ESX-1003347
~        http://download3.vmware.com/software/vi/ESX-1003347.tgz
~        md5sum: 60bb8e5136b7ce08171719b42fda60cf
~        http://kb.vmware.com/kb/1003347

~        ESX 2.5.4 Upgrade Patch 15
~        ESX 2.5.5 Upgrade Patch 4

~        Deployment Considerations

~        IMPORTANT: The samba-3.0.9-1.3E.14.3vmw RPM is not installed
~        with a default installation of ESX Server software, but some
~        customers choose to install the Samba application on their
~        hosts. VMware recommends against installing such applications in
~        the console operating system, but in order to provide a complete
~        fix to this security issue, this patch supplies the
~        samba-3.0.9-1.3E.14.3vmw RPM. Applying this patch will install
~        the RPM while updating the samba-client-3.0.9-1.3E.14.3vmw and
~        samba-common-3.0.9-1.3E.14.3vmw RPMs, which are part of a
~        default ESX Server software installation. To exclude the
~        samba-3.0.9-1.3E.14.3vmw RPM when installing this bundle, use
~        the exclude option for the esxupdate utility as follows:

~            esxupdate -d <DepotURL> -x samba-3.0.9-1.3E.14.3vmw update

~        Here, <DepotURL> is the URL of the depot from which you are
~        installing your bundles. See the ESX Server 3 Patch Management
~        Guide for more information on advanced options for the esxupdate
~        utility.

~     b. Python

~        Chris Evans of the Google security research team discovered an
~        integer overflow issue with the way Python's Perl-Compatible
~        Regular Expression (PCRE) module handled certain regular
~        expressions.  If a Python application used the PCRE module to
~        compile and execute untrusted regular expressions, it might be
~        possible to cause the application to crash, or to execute
~        arbitrary code with the privileges of the Python interpreter.

~        The Common Vulnerabilities and Exposures project (cve.mitre.org)
~        has assigned the name CVE-2006-7228 to this issue.

~        Piotr Engelking discovered a flaw in Python's locale module
~        where strings generated by the strxfrm() function were not
~        properly NUL-terminated.  This might result in disclosure of
~        data stored in the memory of a Python application using the
~        strxfrm() function.

~        The Common Vulnerabilities and Exposures project (cve.mitre.org)
~        has assigned the name CVE-2007-2052 to this issue.

~        Slythers Bro reported multiple integer overflow flaws in
~        Python's imageop module.  These could allow an attacker to cause
~        a Python application to crash, enter an infinite loop, or
~        possibly execute arbitrary code with the privileges of the
~        Python interpreter.

~        The Common Vulnerabilities and Exposures project (cve.mitre.org)
~        has assigned the name CVE-2007-4965 to this issue.

~        RPM Updated:
~        python-2.2.3-6.8.i386.rpm

~        VM Shutdown: Yes
~        Host Reboot: Yes

~        ESX 3.5 ESX350-200802408-SG
~        http://download3.vmware.com/software/vi/ESX350-200802408-SG.zip
~        md5sum: bc3e64627a6f223f0fae837233df5d0d
~        http://kb.vmware.com/kb/1003451

~        ESX 3.0.2 ESX-1003360
~        http://download3.vmware.com/software/vi/ESX-1003360.tgz
~        md5sum: 91d08543a3303827f3e07e12ffd45241
~        http://kb.vmware.com/kb/1003360

~        ESX 3.0.1 ESX-1003348
~        http://download3.vmware.com/software/vi/ESX-1003348.tgz
~        md5sum: b1fa900baa6ab18266f2840579cfe712
~        http://kb.vmware.com/kb/1003348

~        ESX 2.5.4 Upgrade Patch 15
~        ESX 2.5.5 Upgrade Patch 4

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

~   ESX 3.x Patches:
~   http://www.vmware.com/download/vi/vi3_patches.html

~   ESX 2.x Patches:
~   http://www.vmware.com/download/esx/esx2_patches.html

~   ESX 2.5.5 Upgrade Patch 4
~   http://download3.vmware.com/software/esx/esx-2.5.5-69113-upgrade.tar.gz
~   md5sum: 354fce25ac29411cf5aafecf17f9d446
~   http://www.vmware.com/support/esx25/doc/esx-255-200801-patch.html

~   ESX 2.5.4 Upgrade Patch 15
~   http://download3.vmware.com/software/esx/esx-2.5.4-69112-upgrade.tar.gz
~   md5sum: a31065571a2da5bb5e69a5ccab6aa467
~   http://www.vmware.com/support/esx25/doc/esx-254-200801-patch.html

5. References:

~  CVE numbers
~  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
~  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
~  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
~  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308

6. Change log:

2008-02-04  VMSA-2008-0003    Initial release
2008-04-15  VMSA-2008-0003.1  Added patch information for
~                              ESX 3.5 patch release on 2008-03-10

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~  * security-announce at lists.vmware.com
~  * bugtraq at securityfocus.com
~  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIBVKCS2KysvBH1xkRCNiRAJ4y4zzXfIHTKiC6tY8dLaFmGNPMOwCfZFK7
qotRdQYySQNiJFtax5mv5P0=
=vVK+
-----END PGP SIGNATURE-----
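
Section 4 asks readers to verify the md5sum of each downloaded file. The script below is an added example, not part of the advisory or VMware's tooling: it pulls the file name and md5sum pairs out of text in the advisory's layout and checks local files against them. The script name verify.sh and both function names are hypothetical. An MD5 match only shows the file is the one the advisory names; trust in the listed values comes from checking the PGP signature on the advisory itself.

```sh
#!/bin/sh
# Added example (not VMware's code): verify ESX patch bundles against the
# md5sum values printed in the advisory.

# Constructed excerpt in the advisory's layout; values copied from section 3.I.a.
ADVISORY='~        ESX 3.5 ESX350-200802406-SG
~        http://download3.vmware.com/software/vi/ESX350-200802406-SG.zip
~        md5sum: 408a8a5aefde2ce33dec78cb01f80aca
~        http://kb.vmware.com/kb/1003449

~        ESX 3.0.2 ESX-1003362
~        http://download3.vmware.com/software/vi/ESX-1003362.tgz
~        md5sum: f828e7c1c00c2b32ebd4f14f92febe16
~        http://kb.vmware.com/kb/1003362'

# Read advisory text on stdin; print "<file name> <md5>" for every download
# URL that is followed by an md5sum line (KB links are ignored).
advisory_manifest() {
    awk '
        /download3\.vmware\.com/ { n = split($NF, p, "/"); file = p[n]; next }
        /md5sum:/ && file != ""  { print file, tolower($NF); file = "" }
    '
}

# verify_bundle <manifest> <path>
# Returns 0 on match, 1 on mismatch, 2 if the file is unlisted or unreadable.
verify_bundle() {
    manifest=$1 path=$2
    name=$(basename "$path")
    want=$(awk -v f="$name" '$1 == f { print $2; exit }' "$manifest")
    [ -n "$want" ] || { echo "$name: not listed in advisory" >&2; return 2; }
    [ -r "$path" ] || { echo "$name: cannot read file" >&2; return 2; }
    got=$(md5sum "$path" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then echo "$name: OK"; return 0; fi
    echo "$name: MISMATCH (expected $want, got $got)" >&2
    return 1
}

# Hypothetical usage: sh verify.sh advisory.txt ESX-1003362.tgz [more files]
if [ "$#" -ge 2 ]; then
    m=$(mktemp) && advisory_manifest < "$1" > "$m" && shift
    status=0
    for f in "$@"; do verify_bundle "$m" "$f" || status=1; done
    rm -f "$m"; exit "$status"
else
    # No arguments: show the manifest extracted from the embedded excerpt.
    printf '%s\n' "$ADVISORY" | advisory_manifest
fi
```

Run it before esxupdate and do not install a bundle that is reported as MISMATCH or as not listed.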


