Twenty Year Anniversary

VMware Security Advisory 2016-0019

VMware Security Advisory 2016-0019
Posted Nov 14, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.

tags | advisory
advisories | CVE-2016-7461
MD5 | bfb0804e3270f39abf82b8d28c58b515

VMware Security Advisory 2016-0019

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2016-0019
Severity: Critical
Synopsis: VMware Workstation and Fusion updates address critical
out-of-bounds memory access vulnerability
Issue date: 2016-11-13
Updated on: 2016-11-13 (Initial Advisory)
CVE number: CVE-2016-7461

1. Summary

VMware Workstation and Fusion updates address address critical
out-of-bounds memory access vulnerability.

2. Relevant Products

VMware Workstation Pro / Player
VMware Fusion Pro / Fusion

3. Problem Description

a. VMware Workstation and Fusion out-of-bounds memory access

The drag-and-drop (DnD) function in VMware Workstation and Fusion has
an out-of-bounds memory access vulnerability. This may allow a guest
to execute code on the operating system that runs Workstation or
Fusion.

Workaround
On Workstation Pro and Fusion, the issue cannot be exploited if both
the drag-and-drop function and the copy-and-paste (C&P) function are
disabled. Refer to the Reference section on documentation how to
disable these functions. This workaround is not available on
Workstation Player.

VMware would like to thank Qinghao Tang and Xinlei Ying from the
360 Marvel Team and lokihardt, all working with the organizers of
PwnFest for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-7461 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=========== ======== ======== ======== ============= ===========
Workstation 12.x Any Critical 12.5.2 Disable
Pro DnD and C&P

Workstation 12.x Any Critical 12.5.2 None
Player

Fusion Pro 8.x Mac OS X Critical 8.5.2 Disable
Fusion DnD and C&P

ESXi Any ESXi N/A Not affected N/A


4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Workstation Pro 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

Workaround documentation

Workstation Pro: Disabling drag-and-drop and copy-and-paste
functionality

http://pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstati
on-pro-12-user-guide.pdf
(page 81 and 82)

Fusion: Disabling drag-and-drop and copy-and-paste functionality

http://pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-g
uide.pdf
(page 135)

- ------------------------------------------------------------------------

6. Change log

2016-11-13 VMSA-2016-0019
Initial security advisory in conjunction with the release of VMware
Workstation Pro/Player 12.5.2 and VMware Fusion Pro, Fusion 8.5.2 on
2016-11-13.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC

Copyright 2016 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFYKV+RDEcm8Vbi9kMRArbcAJ9gO4MdeaIYECV3muh613FJ45ZYrACfSFgD
5VhdugdkxotCkv/4vGwyNqY=
=N8Vd
-----END PGP SIGNATURE-----?



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close