Twenty Year Anniversary

VMware Security Advisory 2016-0019

VMware Security Advisory 2016-0019
Posted Nov 14, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.

tags | advisory
advisories | CVE-2016-7461
MD5 | bfb0804e3270f39abf82b8d28c58b515

VMware Security Advisory 2016-0019

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2016-0019
Severity: Critical
Synopsis: VMware Workstation and Fusion updates address critical
out-of-bounds memory access vulnerability
Issue date: 2016-11-13
Updated on: 2016-11-13 (Initial Advisory)
CVE number: CVE-2016-7461

1. Summary

VMware Workstation and Fusion updates address address critical
out-of-bounds memory access vulnerability.

2. Relevant Products

VMware Workstation Pro / Player
VMware Fusion Pro / Fusion

3. Problem Description

a. VMware Workstation and Fusion out-of-bounds memory access

The drag-and-drop (DnD) function in VMware Workstation and Fusion has
an out-of-bounds memory access vulnerability. This may allow a guest
to execute code on the operating system that runs Workstation or
Fusion.

Workaround
On Workstation Pro and Fusion, the issue cannot be exploited if both
the drag-and-drop function and the copy-and-paste (C&P) function are
disabled. Refer to the Reference section on documentation how to
disable these functions. This workaround is not available on
Workstation Player.

VMware would like to thank Qinghao Tang and Xinlei Ying from the
360 Marvel Team and lokihardt, all working with the organizers of
PwnFest for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-7461 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=========== ======== ======== ======== ============= ===========
Workstation 12.x Any Critical 12.5.2 Disable
Pro DnD and C&P

Workstation 12.x Any Critical 12.5.2 None
Player

Fusion Pro 8.x Mac OS X Critical 8.5.2 Disable
Fusion DnD and C&P

ESXi Any ESXi N/A Not affected N/A


4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Workstation Pro 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

Workaround documentation

Workstation Pro: Disabling drag-and-drop and copy-and-paste
functionality

http://pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstati
on-pro-12-user-guide.pdf
(page 81 and 82)

Fusion: Disabling drag-and-drop and copy-and-paste functionality

http://pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-g
uide.pdf
(page 135)

- ------------------------------------------------------------------------

6. Change log

2016-11-13 VMSA-2016-0019
Initial security advisory in conjunction with the release of VMware
Workstation Pro/Player 12.5.2 and VMware Fusion Pro, Fusion 8.5.2 on
2016-11-13.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC

Copyright 2016 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFYKV+RDEcm8Vbi9kMRArbcAJ9gO4MdeaIYECV3muh613FJ45ZYrACfSFgD
5VhdugdkxotCkv/4vGwyNqY=
=N8Vd
-----END PGP SIGNATURE-----?



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close