VMware Security Advisory 2018-0003 - vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0003
Severity: Important
Synopsis: vRealize Operations for Horizon, vRealize Operations for
Published Applications, Workstation, Horizon View Client
and Tools updates resolve multiple security
vulnerabilities
Issue date: 2018-01-04
Updated on: 2018-01-04 (Initial Advisory)
CVE number: CVE-2017-4945, CVE-2017-4946, CVE-2017-4948
1. Summary
vRealize Operations for Horizon, vRealize Operations for Published
Applications, Workstation, Horizon View Client and Tools updates
resolve multiple security vulnerabilities.
2. Relevant Products
vRealize Operations for Horizon (V4H)
vRealize Operations for Published Applications (V4PA)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Horizon View Client for Windows
3. Problem Description
a. V4H and V4PA desktop agent privilege escalation vulnerability
The V4H and V4PA desktop agents contain a privilege escalation
vulnerability. Successful exploitation of this issue could result in
a low-privileged Windows user escalating their privileges to SYSTEM.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4946 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running             Replace with/   Mitigation/
Product    Version   on        Severity  Apply Patch     Workaround
========== ========= ========= ========= =============== ===========
V4H        6.x       Windows   Important 6.5.1*          KB52195
V4PA       6.x       Windows   Important 6.5.1           KB52195
*This agent is also bundled with Horizon 7.4
b. Out-of-bounds read issue via Cortado ThinPrint
VMware Workstation and Horizon View Client contain an out-of-bounds
read vulnerability in TPView.dll. On Workstation, this issue in
conjunction with other bugs may allow a guest to leak information
from the host or may allow for a Denial of Service on the Windows OS
that runs Workstation. In the case of a Horizon View Client, this
issue in conjunction with other bugs may allow a View desktop to
leak information from the host or may allow for a Denial of Service on
the Windows OS that runs the Horizon View Client.
Exploitation is only possible if virtual printing has been enabled.
This feature is not enabled by default on Workstation but it is
enabled by default on Horizon View.
VMware would like to thank Yakun Zhang of McAfee for reporting this
issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4948 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware              Product   Running             Replace with/     Mitigation
Product             Version   on        Severity  Apply patch       Workaround
=================== ========= ========= ========= ================= ==========
Horizon View        4.x       Windows   Important 4.7.0             None
Client for Windows
Workstation         14.x      Windows   Important 14.1.0            None
Workstation         14.x      Linux     N/A       not affected      N/A
Workstation         12.x      Windows   Important no patch planned  None
Workstation         12.x      Linux     N/A       not affected      N/A
c. Guest access control vulnerability.
VMware Workstation and Fusion contain a guest access control
vulnerability. This issue may allow program execution via Unity on
locked Windows VMs.
VMware Tools must be updated to 10.2.0 for each VM to resolve
CVE-2017-4945.
VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and
Fusion 10.1.0 by default.
VMware would like to thank Tudor Enache of the United Arab
Emirates Computer Emergency Response Team (aeCERT) for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4945 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware              Product   Running             Replace with/     Mitigation
Product             Version   on        Severity  Apply patch*      Workaround
=================== ========= ========= ========= ================= ==========
Workstation         14.x      Any       Important Upgrade Tools*    None
Workstation         12.x      Any       Important no patch planned  None
Fusion              10.x      OS X      Important Upgrade Tools*    None
Fusion              8.x       OS X      Important no patch planned  None
* VMware Tools must be updated to 10.2.0 for each VM to resolve
CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0
and Fusion 10.1.0 by default.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
vRealize Operations for Horizon Desktop Agent 6.5.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=475&downloadGroup=V4H-651-GA
vRealize Operations for Published Applications Desktop Agent 6.5.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=475&downloadGroup=V4PA-651-GA
VMware Horizon View Client 4.7.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=CART18FQ4_WIN_470&productId=578&rPId=20571
VMware Workstation Pro 14.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html
VMware Workstation Player 14.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html
VMware Tools 10.2.0
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS1020&productId=491
Documentation:
https://docs.vmware.com/en/VMware-Tools/10.2/rn/vmware-tools-1020-release-notes.html
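The remediation tables in section 3, applied to an inventory as an added example (not VMware code): the rule data is transcribed from the tables above, while the inventory row layout, host names, VM names and sample versions are constructed for illustration.

```python
def ver(s):  # '14.0.0' -> (14, 0, 0), so versions compare numerically
    return tuple(int(p) for p in s.split("."))

# (product, major, host OS) -> (CVE, fixed version; None = no patch planned), from the advisory tables
HOST_RULES = {
    ("V4H", 6, "Windows"): ("CVE-2017-4946", "6.5.1"),
    ("V4PA", 6, "Windows"): ("CVE-2017-4946", "6.5.1"),
    ("Horizon View Client", 4, "Windows"): ("CVE-2017-4948", "4.7.0"),
    ("Workstation", 14, "Windows"): ("CVE-2017-4948", "14.1.0"),
    ("Workstation", 12, "Windows"): ("CVE-2017-4948", None),
}
# CVE-2017-4945 is resolved per VM by VMware Tools, on any host OS.
TOOLS_RULES = {("Workstation", 14): "10.2.0", ("Workstation", 12): None,
               ("Fusion", 10): "10.2.0", ("Fusion", 8): None}

def status(installed, fixed):
    if fixed is None:
        return "affected: no patch planned"
    if ver(installed) >= ver(fixed):
        return "fixed"
    return f"affected: upgrade to {fixed}"

def triage(row):  # -> [(CVE, scope, status), ...] for one inventory row
    major = ver(row["version"])[0]
    findings = []
    rule = HOST_RULES.get((row["product"], major, row["os"]))
    if rule:
        cve, fixed = rule
        s = status(row["version"], fixed)
        # Advisory: CVE-2017-4948 needs virtual printing enabled; unknown is treated as enabled.
        if cve == "CVE-2017-4948" and s != "fixed" and not row.get("virtual_printing", True):
            s += " (virtual printing off)"
        findings.append((cve, "host", s))
    key = (row["product"], major)
    if key in TOOLS_RULES:
        for vm, tools in row.get("vm_tools", {}).items():
            findings.append(("CVE-2017-4945", vm, status(tools, TOOLS_RULES[key])))
    return findings

# Constructed sample inventory; hosts, VMs and field names are hypothetical.
INVENTORY = [
    {"host": "ws-01", "product": "Workstation", "version": "14.0.0", "os": "Windows",
     "virtual_printing": False, "vm_tools": {"win10-dev": "10.1.15", "win7-test": "10.2.0"}},
    {"host": "vdi-07", "product": "Horizon View Client", "version": "4.6.1", "os": "Windows"},
    {"host": "mac-03", "product": "Fusion", "version": "8.5.10", "os": "OS X", "vm_tools": {"win10": "10.1.0"}},
    {"host": "ws-02", "product": "Workstation", "version": "14.1.0", "os": "Linux", "vm_tools": {"win10": "10.2.0"}},
]

if __name__ == "__main__":
    print(*[(r["host"], triage(r)) for r in INVENTORY], sep="\n")
```

Hosts on the 12.x and 8.x branches surface as "no patch planned", which is the cue to plan a branch upgrade rather than wait for a fix.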
5. References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4945
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4946
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4948
http://kb.vmware.com/kb/52195
- ------------------------------------------------------------------------
6. Change log
2018-01-04 VMSA-2018-0003 Initial security advisory in conjunction
with the release of VMware Horizon View Client 4.7.0 on 2018-01-04.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2018 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8
wj8DBQFaTx9yDEcm8Vbi9kMRAuQxAJsEoHi61EF6A0T8IPR/LX4mvgH2iACgwuQg
022yaolSTWh5Wdu/13NOkrE=
=qtU5
-----END PGP SIGNATURE-----