VMware Security Advisory 2012-0006

Posted Mar 30, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0006 - VMware ESXi and ESX address several security issues.

tags | advisory
advisories | CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862, CVE-2012-1515
MD5 | 33ec7bc42c9c6c50e69c08c3cf727c79

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID:  VMSA-2012-0006
Synopsis:     VMware ESXi and ESX address several security issues
Issue date:   2012-03-29
Updated on:   2012-03-29 (initial advisory)
CVE numbers:  CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348,
              CVE-2011-4862
-----------------------------------------------------------------------
1. Summary

VMware ESXi and ESX address several security issues.

2. Relevant releases

ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG

ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG

3. Problem Description

a. VMware ROM Overwrite Privilege Escalation

A flaw in the way port-based I/O is handled allows for modifying
Read-Only Memory that belongs to the Virtual DOS Machine.
Exploitation of this issue may lead to privilege escalation on
Guest Operating Systems that run Windows 2000, Windows XP
32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2
32-bit.

VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1515 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
vCenter        any       Windows   not affected

Workstation    8.x       any       not affected

Player         4.x       any       not affected

Fusion         4.x       Mac OS/X  not affected

ESXi           5.0       ESXi      not affected
ESXi           4.1       ESXi      ESXi410-201101201-SG
ESXi           4.0       ESXi      ESXi400-201203401-SG
ESXi           3.5       ESXi      ESXe350-201203401-I-SG

ESX            4.1       ESX       ESX410-201101201-SG
ESX            4.0       ESX       ESX400-201203401-SG
ESX            3.5       ESX       ESX350-201203401-SG

b. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated
to kernel-400.2.6.18-238.4.11.591731 to fix multiple security
issues in the COS kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2011-2482, CVE-2011-3191 and
CVE-2011-4348 to these issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
vCenter        any       Windows   not affected

hosted *       any       any       not affected

ESXi           any       ESXi      not affected

ESX            4.1       ESX       patch pending **
ESX            4.0       ESX       ESX400-201203401-SG
ESX            3.5       ESX       not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

** One of the three issues, CVE-2011-2482, has already been
addressed on ESX 4.1 in an earlier kernel patch. See
VMSA-2012-0001 for details.

c. ESX third party update for Service Console krb5 RPM

This patch updates the krb5-libs and krb5-workstation RPMs to
version 1.6.1-63.el5_7 to resolve a security issue.

By default, the affected krb5-telnet and ekrb5-telnet services
do not run. The krb5 telnet daemon is an xinetd service. You
can run the following commands to check whether krb5 telnetd is
enabled:

    /sbin/chkconfig --list krb5-telnet
    /sbin/chkconfig --list ekrb5-telnet

The output of these commands shows whether krb5 telnet is enabled.

You can run the following commands to disable the krb5 telnet
daemon:

    /sbin/chkconfig krb5-telnet off
    /sbin/chkconfig ekrb5-telnet off
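
The check above can be scripted for use across several ESX hosts. The following is an added example, not part of the VMware advisory: the function names, the CHKCONFIG override and the sample output lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware's code): report whether the two xinetd services
# named in section 3.c are enabled, using the same chkconfig query.

CHKCONFIG=${CHKCONFIG:-/sbin/chkconfig}   # assumption: overridable for testing

# telnet_state LINE -> enabled | disabled | absent | unknown
telnet_state() {
    printf '%s\n' "$1" | awk '
        /No such file or directory/ { print "absent"; exit }
        # xinetd-managed services print "<name> on" or "<name> off"
        NF == 2 && $2 == "on"  { print "enabled";  exit }
        NF == 2 && $2 == "off" { print "disabled"; exit }
        # SysV-style output: "<name> 0:off 1:off 2:on ..."
        NF > 2 {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-6]:on$/) { print "enabled"; exit }
            print "disabled"; exit
        }
        { print "unknown"; exit }'
}

# audit_krb5_telnet -> prints one line per service, returns 1 if any is enabled
audit_krb5_telnet() {
    rc=0
    for svc in krb5-telnet ekrb5-telnet; do
        state=$(telnet_state "$("$CHKCONFIG" --list "$svc" 2>&1)")
        echo "$svc: $state"
        if [ "$state" = "enabled" ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample lines (not captured from a real host)
for sample in "krb5-telnet    off" "ekrb5-telnet   on" \
    "error reading information on service krb5-telnet: No such file or directory"; do
    echo "$(telnet_state "$sample") <- $sample"
done
```

On a Service Console, call audit_krb5_telnet and treat a non-zero return as a host that still needs the chkconfig "off" commands or the patch.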

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2011-4862 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
vCenter        any       Windows   not affected

hosted *       any       any       not affected

ESXi           any       ESXi      not affected

ESX            4.1       ESX       not applicable
ESX            4.0       ESX       ESX400-201203407-SG
ESX            3.5       ESX       not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

ESXi 4.1
--------
update-from-esxi4.1-4.1_update01
md5sum: 2f1e009c046b20042fae3b7ca42a840f
sha1sum: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
http://kb.vmware.com/kb/1027919

update-from-esxi4.1-4.1_update01 contains ESXi410-201101201-SG

ESXi 4.0
--------
ESXi400-201203001
md5sum: 8054b2e7c9cd024e492ac5c1fb9c1e72
sha1sum: 6150fee114d70603ccae399f42b905a6b1a7f3e1
http://kb.vmware.com/kb/2011777

ESXi400-201203001 contains ESXi400-201203401-SG

ESXi 3.5
--------
ESXe350-201203401-O-SG
md5sum: 44124458684d6d1b957b4e39cbe97d77
sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be
http://kb.vmware.com/kb/2009160

ESXe350-201203401-O-SG contains ESXe350-201203401-I-SG

ESX 4.1
-------
update-from-esx4.1-4.1_update01
md5sum: 2d81a87e994aa2b329036f11d90b4c14
sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
http://kb.vmware.com/kb/1027904

update-from-esx4.1-4.1_update01 contains ESX410-201101201-SG

ESX 4.0
-------
ESX400-201203001
md5sum: 02b7e883e8b438b83bf5e53a1be71ad3
sha1sum: 34734a8edba225a332731205ee2d6575ad9e1c88
http://kb.vmware.com/kb/2011767

ESX400-201203001 contains ESX400-201203401-SG and ESX400-201203407-SG

ESX 3.5
-------
ESX350-201203401-SG
md5sum: 07743c471ce46de825c36c2277ccd500
sha1sum: cb77e6f820e1015311bf2386b240fd84f0ad04dd
http://kb.vmware.com/kb/2009155

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862

-----------------------------------------------------------------------

6. Change log

2012-03-29 VMSA-2012-0006
Initial security advisory in conjunction with the release of patches
for ESX 4.0 on 2012-03-29.

-----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk91Pd0ACgkQDEcm8Vbi9kPdugCfXs7gbuu4YxHzM1zqmNuHBO3D
L6kAoIJTyaDPeZKmIyzBR3P86G0wd/+F
=84Nj
-----END PGP SIGNATURE-----
