what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2011-0011

VMware Security Advisory 2011-0011
Posted Oct 5, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0011 - Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled.

tags | advisory, remote, code execution
advisories | CVE-2011-3868
SHA-256 | 68eb691ab38b6528cdbe2b5c9662b237090ae11982c24494de06d740bd8e8d6b

VMware Security Advisory 2011-0011

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2011-0011
Synopsis: VMware hosted products address remote code execution
vulnerability
Issue date: 2011-10-04
Updated on: 2011-10-04 (initial release of advisory)
CVE numbers: CVE-2011-3868

- ------------------------------------------------------------------------

1. Summary

Hosted product updates address a remote code execution vulnerability
in the way UDF file systems are handled

2. Relevant releases

VMware Workstation 7.1.4 and earlier

VMware Player 3.1.4 and earlier

VMware Fusion 3.1.2 and earlier


3. Problem Description

a. UDF file system import remote code execution

A buffer overflow vulnerability is present in the way UDF file
systems are handled. This issue could allow for code execution if a
user installs from a malicious ISO image that was specially crafted
by an attacker.

VMware would like to thank an anonymous contributor working with the
SecuriTeam Secure Disclosure program for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name 3868.11-3868 to the issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected

Workstation 8.x any not affected
Workstation 7.x any 7.1.5 or later

Player 3.x any 3.1.5 or later

AMS any any not affected

Fusion 4.x Mac OS/X not affected
Fusion 3.1.x Mac OS/X 3.1.3 or later

ESXi any ESXi not affected

ESX any ESX not affected

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

VMware Workstation 7.1.5
------------------------
http://www.vmware.com/go/downloadworkstation
Release notes:
http://downloads.vmware.com/support/ws71/doc/releasenotes_ws715.html

VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 40a0a39377a6ba804d5e76e59449d51f
sha1sum: 25462e18bf9439876c63948415f7ba7b09baa8e6

VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 9c9b4d7a749f1baa485f26e6f366c070
sha1sum: 31033424656b8eaaa814f3e9c3b5b9c5c53b783b

VMware Workstation for Linux 64-bit with VMware Tools
md5sum: 482b8b2890f75488addfc31418031864
sha1sum: b1f73650f70c94249e5add5d9516d0e45c4ae87d

VMware Player 3.1.5
-------------------
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player31/doc/releasenotes_player315.html

VMware Player for 32-bit and 64-bit Windows
md5sum: fcc91227963e58efcb63fb791d2fd813
sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390

VMware Player for 32-bit Linux
md5sum: c96867c8093d23065bed7e71e020bb19
sha1sum: 4156bdfb7f679114671b416d178028fdc4d3beb4

VMware Player for 64-bit Linux
md5sum: 1ec954f1baaf6a60e451979b5e88f2d6
sha1sum: a253a486d6c6848620de200ef1837ced903daa1c

VMware Fusion 3.1.3
-------------------
http://www.vmware.com/go/downloadfusion
Release Notes:

http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_313.htm
l

VMware Fusion for Intel-based Macs
md5sum: f35ac5c15354723468257d2a48dc4f76
sha1sum: 3c849a62c45551fddb16eebf298cef7279d622a9


5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3868

- ------------------------------------------------------------------------
6. Change log

2011-10-04 VMSA-2011-0011
Initial security advisory in conjunction with the release of VMware
Workstation 7.1.5 and Player 3.1.5 on 2011-10-04.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFOi+JjDEcm8Vbi9kMRAtdxAKDi6DmTvnmL3zhQ+i0Oa4qtMfZS3gCfWEYL
LvAZ37RkpYqCWsk1HDvl7B8=
=uK4e
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close