[Security-announce] UPDATED VMSA-2008-0007.1 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

security-announce at lists.vmware.com security-announce at lists.vmware.com
Mon May 5 11:38:31 PDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0007.1
Synopsis:          Moderate Updated Service Console packages pcre,
                   net-snmp, and OpenPegasus
Issue date:        2008-04-15
Updated on:        2008-05-05
CVE numbers:       CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
                   CVE-2008-0003
- -------------------------------------------------------------------

1. Summary:

   Updated Service Console packages for pcre, net-snmp, and OpenPegasus

2. Relevant releases:

   VMware ESX 3.5   without patches ESX350-200803214-UG(pcre,net-snmp),
                                    ESX350-200803201-UG(OpenPegasus)
   VMware ESX 3.0.2 without patch ESX-1004213(OpenPegasus)
   VMware ESX 3.0.1 without patch ESX-1004184(OpenPegasus)

NOTES: ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 07/31/2008. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
release available.  ESX version 3.0.0 is no longer in Extended
Support. Users should upgrade to a supported version of the product.

3. Problem description:

   a. Updated pcre Service Console package addresses several security issues

   The pcre package contains the Perl-Compatible Regular Expression library.
   pcre is used by various Service Console utilities.

   Several security issues were discovered in the way PCRE handles regular
   expressions. If an application linked against PCRE parsed a malicious
   regular expression, it may have been possible to run arbitrary code as
   the user running the application.

   VMware would like to thank Ludwig Nussel for reporting these issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

   RPM Updated:
   pcre-3.9-10.4.i386.rpm

   VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

   b. Updated net-snmp Service Console package addresses denial of service

   net-snmp is an implementation of the Simple Network Management
   Protocol (SNMP).  SNMP is used by network management systems to
   monitor hosts.  By default ESX has this service enabled and its ports
   open on the ESX firewall.

   A flaw was discovered in the way net-snmp handled certain requests. A
   remote attacker who can connect to the snmpd UDP port could send a
   malicious packet causing snmpd to crash, resulting in a denial of
   service.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2007-5846 to this issue.

   RPM Updated:
   net-snmp-5.0.9-2.30E.23.i386.rpm
   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
   net-snmp-utils-5.0.9-2.30E.23.i386.rpm

   VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

   c. Updated OpenPegasus Service Console package fixes overflow condition

   OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
   Management (WBEM) broker.  These protocols are used by network management
   systems to monitor and control hosts.  By default ESX has this service
   enabled and its ports open on the ESX firewall.

   A flaw was discovered in the OpenPegasus CIM management server that
   might allow remote attackers to execute arbitrary code.  OpenPegasus
   when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
   defined, has a stack-based buffer overflow condition.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2008-0003 to this issue.

   RPMS updated:
   cim-smwg-1.0-release-606113.i386.rpm
   pegasus-2.5-release-606113.i386.rpm

   VMware ESX 3.5   patch ESX350-200803201-UG(OpenPegasus)
   VMware ESX 3.0.2 patch ESX-1004213(OpenPegasus)
   VMware ESX 3.0.1 patch ESX-1004184(OpenPegasus)

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

   ESX 3.5 patch ESX350-200803214-UG
   http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
   md5sum:  9ff7b416afed3acfbfbb5d1d63ca5060
   http://kb.vmware.com/kb/1003721

   RPMS updated with patch ESX350-200803214-UG
   e2fsprogs-1.32-15.4.i386.rpm
   net-snmp-5.0.9-2.30E.23.i386.rpm
   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
   net-snmp-utils-5.0.9-2.30E.23.i386.rpm
   pcre-3.9-10.4.i386.rpm
   libxml2-2.5.10-8.i386.rpm
   libxml2-python-2.5.10-8.i386.rpm

   ESX 3.5 patch ESX350-200803201-UG
   http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip
   md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
   http://kb.vmware.com/kb/1003695

   RPMS updated with ESX350-200803201-UG
   cim-smwg-1.0-release-606113.i386.rpm
   pegasus-2.5-release-606113.i386.rpm

   VMware ESX 3.0.2 patch ESX-1004213 (OpenPegasus)
   http://download3.vmware.com/software/vi/ESX-1004213.tgz
   md5sum: cde300d8239ce5c9aac887957957eaa4
   http://kb.vmware.com/kb/1004213

   VMware ESX 3.0.1 patch ESX-1004184 (OpenPegasus)
   http://download3.vmware.com/software/vi/ESX-1004184.tgz
   md5sum: e96659cf283e1e2e141de58603af1bfc
   http://kb.vmware.com/kb/1004184

5. References:

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003

6. Change log

2008-04-15  VMSA-2008-0007
Initial release
2008-05-05  VMSA-2008-0007.1
Added ESX 3.0.1, 3.0.2 for issue 3c. released 2008-05-01

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIH1QkS2KysvBH1xkRCJnnAJ9LA1gLEZQFe9iWXCj+noZ5sWcYrACeMuuQ
vvNgm1H67eFkMug78n/RWjw=
=yAeJ
-----END PGP SIGNATURE-----



More information about the Security-announce mailing list