[Security-announce] UPDATED VMSA-2012-0006.2 VMware Workstation, ESXi, and ESX address several security issues

VMware Security Announcements security-announce at lists.vmware.com
Wed Jun 13 19:45:27 PDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:  VMSA-2012-0006.2
Synopsis:     VMware Workstation, ESXi, and ESX address several security
              issues
Issue date:   2012-03-29
Updated on:   2012-06-13
CVE numbers:  CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348
              CVE-2011-4862
 -----------------------------------------------------------------------
1. Summary

   VMware ESXi and ESX address several security issues.

2. Relevant releases

   Workstation 7.1.1

   Player 3.1.1

   ESXi 4.1 without patch ESXi410-201101201-SG
   ESXi 4.0 without patch ESXi400-201203401-SG
   ESXi 3.5 without patch ESXe350-201203401-I-SG

   ESX 4.1 without patch ESX410-201101201-SG
   ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
   ESX 3.5 without patch ESX350-201203401-SG

3. Problem Description
 
   a. VMware ROM Overwrite Privilege Escalation
 
      A flaw in the way port-based I/O is handled allows for modifying
      Read-Only Memory that belongs to the Virtual DOS Machine.
      Exploitation of this issue may lead to privilege escalation on
      Guest Operating Systems that run Windows 2000, Windows XP
      32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2
      32-bit.
 
      VMware would like to thank Derek Soeder of Ridgeway Internet
      Security, L.L.C. for reporting this issue to us.
   
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2012-1515 to this issue.
 
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
 
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        any       Windows  not affected
 
      Workstation    8.x       any      not affected
      Workstation    7.x       any      7.1.2 or later
                           
      Player         4.x       any      not affected
      Player         3.x       any      3.1.2 or later
                           
      Fusion         4.x       Mac OS/X not affected
 
      ESXi           5.0       ESXi     not affected
      ESXi           4.1       ESXi     ESXi410-201101201-SG
      ESXi           4.0       ESXi     ESXi400-201203401-SG
      ESXi           3.5       ESXi     ESXe350-201203401-I-SG
 
      ESX            4.1       ESX      ESX410-201101201-SG
      ESX            4.0       ESX      ESX400-201203401-SG
      ESX            3.5       ESX      ESX350-201203401-SG
 
   b. ESX third party update for Service Console kernel
 
      The ESX Service Console Operating System (COS) kernel is updated
      to kernel-400.2.6.18-238.4.11.591731 to fix multiple security
      issues in the COS kernel.
 
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2011-2482, CVE-2011-3191 and
      CVE-2011-4348 to these issues.
 
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
 
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        any       Windows  not affected
 
      hosted *       any       any      not affected
 
      ESXi           any       ESXi     not affected
 
      ESX            4.1       ESX      See VMSA-2012-0008 **
      ESX            4.0       ESX      ESX400-201203401-SG
      ESX            3.5       ESX      not applicable
 
      * hosted products are VMware Workstation, Player, ACE, Fusion.
 
      ** One of the three issues, CVE-2011-2482, has already been
         addressed on ESX 4.1 in an earlier kernel patch. See
         VMSA-2012-0001 for details.
   
   c. ESX third party update for Service Console krb5 RPM
 
      This patch updates the krb5-libs and krb5-workstation RPMs to
      version 1.6.1-63.el5_7 to resolve a security issue.
 
      By default, the affected krb5-telnet and ekrb5-telnet services
      do not run. The krb5 telnet daemon is an xinetd service.  You
      can run the following commands to check if krb5 telnetd is
      enabled:

        /sbin/chkconfig --list krb5-telnet
        /sbin/chkconfig --list ekrb5-telnet
     
      The output of these commands displays if krb5 telnet is enabled.
     
      You can run the following commands to disable krb5 telnet
      daemon:

        /sbin/chkconfig krb5-telnet off
        /sbin/chkconfig ekrb5-telnet off
 
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2011-4862 to this issue.
 
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
 
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        any       Windows  not affected
 
      hosted *       any       any      not affected
 
      ESXi           any       ESXi     not affected
 
      ESX            4.1       ESX      not applicable
      ESX            4.0       ESX      ESX400-201203407-SG
      ESX            3.5       ESX      not applicable
 
      * hosted products are VMware Workstation, Player, ACE, Fusion.
 
4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   Workstation 7.1.2
   -----------------
   http://www.vmware.com/go/downloadworkstation

   Release notes:
   https://www.vmware.com/support/ws71/doc/releasenotes_ws712.html

   Workstation for Windows 32-bit and 64-bit with VMware Tools   
   md5sum: 2e9715ec297dc3ca904ad2707d3e2614
   sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a

   Workstation for Windows 32-bit and 64-bit without VMware Tools        
   md5sum: 066929f59aef46f11f4d9fd6c6b36e4d
   sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3

   Player 3.1.2
   ------------
   http://www.vmware.com/go/downloadplayer

   Release notes:
   https://www.vmware.com/support/player31/doc/releasenotes_player312.html

   VMware Player for Windows 32-bit and 64-bit        
   md5sum: 3f289cb33af5e425c92d8512fb22a7ba
   sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70

   VMware Player for Linux 32-bit        
   md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8
   sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749

   VMware Player for Linux 64-bit        
   md5sum: 2ab08e0d4050719845a64d334ca15bb1
   sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c

   ESXi 4.1
   --------
   update-from-esxi4.1-4.1_update01
   md5sum: 2f1e009c046b20042fae3b7ca42a840f
   sha1sum: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
   http://kb.vmware.com/kb/1027919

   update-from-esxi4.1-4.1_update01 contains ESXi410-201101201-SG

   ESXi 4.0
   --------
   ESXi400-201203001
   md5sum: 8054b2e7c9cd024e492ac5c1fb9c1e72
   sha1sum: 6150fee114d70603ccae399f42b905a6b1a7f3e1
   http://kb.vmware.com/kb/2011777

   ESXi400-201203001 contains ESXi400-201203401-SG

   ESXi 3.5
   --------
   ESXe350-201203401-O-SG
   md5sum: 44124458684d6d1b957b4e39cbe97d77
   sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be
   http://kb.vmware.com/kb/2009160

   ESXe350-201203401-O-SG contains ESXe350-201203401-I-SG
   
   ESX 4.1
   -------
   update-from-esx4.1-4.1_update01
   md5sum: 2d81a87e994aa2b329036f11d90b4c14
   sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
   http://kb.vmware.com/kb/1027904
 
   update-from-esx4.1-4.1_update01 contains ESX410-201101201-SG
   
   ESX 4.0
   -------
   ESX400-201203001
   md5sum: 02b7e883e8b438b83bf5e53a1be71ad3
   sha1sum: 34734a8edba225a332731205ee2d6575ad9e1c88
   http://kb.vmware.com/kb/2011767

   ESX400-201203001 contains ESX400-201203401-SG and ESX400-201203407-SG

   ESX 3.5
   -------
   ESX350-201203401-SG
   md5sum: 07743c471ce46de825c36c2277ccd500
   sha1sum: cb77e6f820e1015311bf2386b240fd84f0ad04dd
   http://kb.vmware.com/kb/2009155
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862

 -----------------------------------------------------------------------

6. Change log

   2012-03-29 VMSA-2012-0006
   Initial security advisory in conjunction with the release of patches
   for ESX 4.0 on 2012-03-29.

   2012-04-26 VMSA-2012-0006.1
   Updated security advisory after the release of ESX 4.1 patch on
   2012-04-26.

   2012-06-13 VMSA-2012-0006.2
   Updated Relevant Releases, Problem Description, and Solution
   sections to include information regarding updates for Workstation 7
   in conjunction with the release of Workstation 7.1.6 on 2012-06-13.

 -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2012 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFP2VA4DEcm8Vbi9kMRAqoGAJ4ir9o0IIlguKhxVyeAcC4SC0DQbQCg/Ks5
X8w2JC6kyJFxirIcXNLym6A=
=x5Am
-----END PGP SIGNATURE-----




More information about the Security-announce mailing list