exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2018-0003

VMware Security Advisory 2018-0003
Posted Jan 5, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0003 - vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2017-4945, CVE-2017-4946, CVE-2017-4948
SHA-256 | eda449e04f34f16fda9cbfb8f4f7d2b670283db5ad64c5df8ed4051df5360faa

VMware Security Advisory 2018-0003

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0003
Severity: Important
Synopsis: vRealize Operations for Horizon, vRealize Operations for
Published Applications, Workstation, Horizon View Client
and Tools updates resolve multiple security
vulnerabilities


Issue date: 2018-01-04
Updated on: 2018-01-04 (Initial Advisory)
CVE number: CVE-2017-4945, CVE-2017-4946, CVE-2017-4948

1. Summary

vRealize Operations for Horizon, vRealize Operations for Published
Applications, Workstation, Horizon View Client and Tools updates
resolve multiple security vulnerabilities.

2. Relevant Products

vRealize Operations for Horizon (V4H)
vRealize Operations for Published Applications (V4PA)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Horizon View Client for Windows

3. Problem Description

a. V4H and V4PA desktop agent privilege escalation vulnerability

The V4H and V4PA desktop agents contain a privilege escalation
vulnerability. Successful exploitation of this issue could result in
a low privileged windows user escalating their privileges to SYSTEM.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4946 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
========== ========= ======= ========= ============= ==========
V4H 6.x Windows Important 6.5.1* KB52195
V4PA 6.x Windows Important 6.5.1 KB52195

*This agent is also bundled with Horizon 7.4

b. Out-of-bounds read issue via Cortado ThinPrint

VMware Workstation and Horizon View Client contain an out-of-bounds
read vulnerability in TPView.dll. On Workstation, this issue in
conjunction with other bugs may allow a guest to leak information
from host or may allow for a Denial of Service on the Windows OS
that runs Workstation. In the case of a Horizon View Client, this
issue in conjunction with other bugs may allow a View desktop to
leak information from host or may allow for a Denial of Service on
the Windows OS that runs the Horizon View Client.

Exploitation is only possible if virtual printing has been enabled.
This feature is not enabled by default on Workstation but it is
enabled by default on Horizon View.

VMware would like to thank Yakun Zhang of McAfee for reporting this
issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4948 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
============== ======= ======= ======== ============= ==========
Horizon View 4.x Windows Important 4.7.0 None
Client for Windows
Workstation 14.x Windows Important 14.1.0 None

Workstation 14.x Linux N/A not affected N/A
Workstation 12.x Windows Important no patch planned None

Workstation 12.x Linux N/A not affected N/A

c. Guest access control vulnerability.

VMware Workstation and Fusion contain a guest access control
vulnerability. This issue may allow program execution via Unity on
locked Windows VMs.

VMware Tools must updated to 10.2.0 for each VM to resolve
CVE-2017-4945.

VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and
Fusion 10.1.0 by default.

VMware would like to thank Tudor Enache of the United Arab
Emirates Computer Emergency Response Team (aeCERT) for reporting
this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4945 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch* Workaround
============== ======= ======= ======== ============= ==========
Workstation 14.x Any Important Upgrade Tools* None

Workstation 12.x Any Important no patch planned None

Fusion 10.x OS X Important Upgrade Tools* None

Fusion 8.x OS X Important no patch planned None

* VMware Tools must updated to 10.2.0 for each VM to resolve
CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0
and Fusion 10.1.0 by default.

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

vRealize Operations for Horizon Desktop Agent 6.5.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=475&downloadGroup
=V4H-651-GA

vRealize Operations for Published Applications Desktop Agent 6.5.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=475&downloadGroup
=V4PA-651-GA

VMware Horizon View Client 4.7.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=CART18FQ4_WIN
_470&productId=578&rPId=20571

VMware Workstation Pro 14.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 14.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html

VMware Tools 10.2.0
Downloads:
https://my.vmware.com/web/vmware/details?
downloadGroup=VMTOOLS1020&productId=491
Documentation:
https://docs.vmware.com/en/VMware-Tools/10.2/rn/
vmware-tools-1020-release-notes.html

5. References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4945
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4946
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4948
http://kb.vmware.com/kb/52195

- ------------------------------------------------------------------------

6. Change log

2018-01-04 VMSA-2018-0003 Initial security advisory in conjunction
with the release of VMware Horizon View Client 4.7.0 on 2018-01-04.

- ------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2018 VMware Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFaTx9yDEcm8Vbi9kMRAuQxAJsEoHi61EF6A0T8IPR/LX4mvgH2iACgwuQg
022yaolSTWh5Wdu/13NOkrE=
=qtU5
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close