-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0003
Synopsis:          Moderate: Updated aacraid driver and samba
                   and python service console updates
Issue date:        2008-02-04
Updated on:        2008-02-04 (initial release of advisory)
CVE numbers:       CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
                   CVE-2007-4965 CVE-2007-4308
- -------------------------------------------------------------------

1. Summary:

   Security updates to aacraid driver, samba and python

2. Relevant releases:

ESX Server 3.0.2 without patches ESX-1003362, ESX-1003359, ESX-1003360
ESX Server 3.0.1 without patches ESX-1003350, ESX-1003347, ESX-1003348
ESX Server 2.5.5 Upgrade Patch 4
ESX Server 2.5.4 Upgrade Patch 15

NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
      and Bug fixes) is 10/08/2008. Users should plan to upgrade to at
      least 2.5.5 and preferably the newest release available before the
      end of extended support.

NOTE: ESX 3.0.1 is in Extended Support and its end of support (Security
      and Bug fixes) is 07/31/2008. Users should plan to upgrade to at
      least 3.0.2 update 1 and preferably the newest release available
      before the end of extended support.

ESX Server versions 3.0.0 and prior to 2.5.4 are no longer in Extended
Support. Users should upgrade to a supported version of the product.

The VMware Infrastructure Support Life Cycle Policy can be found here:
http://www.vmware.com/support/policies/eos_vi.html

3. Problem description:

 I   Updated aacraid driver

     This patch fixes a flaw in how the aacraid SCSI driver checked
     IOCTL command permissions. This flaw might allow a local user
     on the service console to cause a denial of service or gain
     privileges. Thanks to Adaptec for reporting this issue.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-4308 to this issue.

     ESX Server 3.0.2 ESX-1003362
     http://download3.vmware.com/software/vi/ESX-1003362.tgz
     md5sum: f828e7c1c00c2b32ebd4f14f92febe16
     http://kb.vmware.com/kb/1003362

     ESX Server 3.0.1 ESX-1003350
     http://download3.vmware.com/software/vi/ESX-1003350.tgz
     md5sum: 490e042c9a726480fe3d3cbc6b4fae5a
     http://kb.vmware.com/kb/1003350

     ESX Server 2.5.4 Upgrade Patch 15
     ESX Server 2.5.5 Upgrade Patch 4

     RPM Updated:
     VMware-esx-drivers-scsi-aacraid_esx30.rpm
     kernel-vmnix.rpm

     VM Shutdown: Yes
     Host Reboot: Yes

 II  Service Console package security updates

  a. Samba

     Alin Rad Pop of Secunia Research found a stack buffer overflow
     flaw in the way Samba authenticates remote users. A remote
     unauthenticated user could trigger this flaw to cause the Samba
     server to crash or to execute arbitrary code with the
     permissions of the Samba server.

     Note: This vulnerability can be exploited only if the attacker
           has access to the service console network. The Samba
           client is installed by default in the service console, but
           the Samba server is not.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-6015 to this issue.

     RPM Updated:
     samba-3.0.9-1.3E.14.3.i386.rpm,
     samba-client-3.0.9-1.3E.14.3.i386.rpm,
     samba-common-3.0.9-1.3E.14.3.i386.rpm

     VM Shutdown: No
     Host Reboot: No

     ESX Server 3.0.2 ESX-1003359
     http://download3.vmware.com/software/vi/ESX-1003359.tgz
     md5sum: c1fc3232c76aea150308b2227d9d522e
     http://kb.vmware.com/kb/1003359

     ESX Server 3.0.1 ESX-1003347
     http://download3.vmware.com/software/vi/ESX-1003347.tgz
     md5sum: 60bb8e5136b7ce08171719b42fda60cf
     http://kb.vmware.com/kb/1003347

     ESX Server 2.5.4 Upgrade Patch 15
     ESX Server 2.5.5 Upgrade Patch 4

     Deployment Considerations

     IMPORTANT: The samba-3.0.9-1.3E.14.3vmw RPM is not installed
     with a default installation of ESX Server software, but some
     customers choose to install the Samba application on their
     hosts. VMware recommends against installing such applications in
     the console operating system, but in order to provide a
     complete fix to this security issue, this patch supplies the
     samba-3.0.9-1.3E.14.3vmw RPM. Applying this patch will install
     the RPM while updating the samba-client-3.0.9-1.3E.14.3vmw and
     samba-common-3.0.9-1.3E.14.3vmw RPMs, which are part of a
     default ESX Server software installation. To exclude the
     samba-3.0.9-1.3E.14.3vmw RPM when installing this bundle, use
     the exclude option for the esxupdate utility as follows:

       esxupdate -d <depot_URL> -x samba-3.0.9-1.3E.14.3vmw update

     Here, <depot_URL> is the URL of the depot from which you are
     installing your bundles. See the ESX Server 3 Patch Management
     Guide for more information on advanced options for the esxupdate
     utility.

  b. Python

     Chris Evans of the Google security research team discovered an
     integer overflow issue with the way Python's Perl-Compatible
     Regular Expression (PCRE) module handled certain regular
     expressions. If a Python application used the PCRE module to
     compile and execute untrusted regular expressions, it might be
     possible to cause the application to crash, or to execute
     arbitrary code with the privileges of the Python interpreter.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2006-7228 to this issue.

     Piotr Engelking discovered a flaw in Python's locale module
     where strings generated by the strxfrm() function were not
     properly NUL-terminated. This might result in disclosure of
     data stored in the memory of a Python application using the
     strxfrm() function.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-2052 to this issue.

     Slythers Bro reported multiple integer overflow flaws in
     Python's imageop module. These could allow an attacker to cause
     a Python application to crash, enter an infinite loop, or
     possibly execute arbitrary code with the privileges of the
     Python interpreter.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-4965 to this issue.

     RPM Updated:
     python-2.2.3-6.8.i386.rpm

     VM Shutdown: Yes
     Host Reboot: Yes

     ESX Server 3.0.2 ESX-1003360
     http://download3.vmware.com/software/vi/ESX-1003360.tgz
     md5sum: 91d08543a3303827f3e07e12ffd45241
     http://kb.vmware.com/kb/1003360

     ESX Server 3.0.1 ESX-1003348
     http://download3.vmware.com/software/vi/ESX-1003348.tgz
     md5sum: b1fa900baa6ab18266f2840579cfe712
     http://kb.vmware.com/kb/1003348

     ESX Server 2.5.4 Upgrade Patch 15
     ESX Server 2.5.5 Upgrade Patch 4

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

   ESX Server 3.x Patches:
   http://www.vmware.com/download/vi/vi3_patches.html

   ESX Server 2.x Patches:
   http://www.vmware.com/download/esx/esx2_patches.html

   ESX Server 2.5.5 Upgrade Patch 4
   http://download3.vmware.com/software/esx/esx-2.5.5-69113-upgrade.tar.gz
   md5sum: 354fce25ac29411cf5aafecf17f9d446
   http://www.vmware.com/support/esx25/doc/esx-255-200801-patch.html

   ESX Server 2.5.4 Upgrade Patch 15
   http://download3.vmware.com/software/esx/esx-2.5.4-69112-upgrade.tar.gz
   md5sum: a31065571a2da5bb5e69a5ccab6aa467
   http://www.vmware.com/support/esx25/doc/esx-254-200801-patch.html

5. References:

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce@lists.vmware.com
  * bugtraq@securityfocus.com
  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHvcrsS2KysvBH1xkRCNIdAJ9OvodyE8igopX7q4lxDV02OipNHwCfb0TQ
lYOQsaNgLRSCKJEtB5kICg4=
=+FkR
-----END PGP SIGNATURE-----
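
The md5sum check that section 4 asks for can be scripted as below. This is an added example, not part of VMware's advisory: the function names are hypothetical, the expected values are the md5sum lines quoted above, and it assumes the files keep their download names and that md5sum is available.

```shell
#!/bin/sh
# Added example: check downloaded VMSA-2008-0003 bundles against the
# md5sum values quoted in the advisory. Function names are hypothetical.

# Print the advisory's md5sum for a bundle file name; fail if not listed.
expected_md5() {
    case "$1" in
        ESX-1003362.tgz) echo f828e7c1c00c2b32ebd4f14f92febe16 ;;
        ESX-1003350.tgz) echo 490e042c9a726480fe3d3cbc6b4fae5a ;;
        ESX-1003359.tgz) echo c1fc3232c76aea150308b2227d9d522e ;;
        ESX-1003347.tgz) echo 60bb8e5136b7ce08171719b42fda60cf ;;
        ESX-1003360.tgz) echo 91d08543a3303827f3e07e12ffd45241 ;;
        ESX-1003348.tgz) echo b1fa900baa6ab18266f2840579cfe712 ;;
        esx-2.5.5-69113-upgrade.tar.gz) echo 354fce25ac29411cf5aafecf17f9d446 ;;
        esx-2.5.4-69112-upgrade.tar.gz) echo a31065571a2da5bb5e69a5ccab6aa467 ;;
        *) return 1 ;;
    esac
}

# verify_bundle FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or not listed.
verify_bundle() {
    file=$1
    [ -f "$file" ] || { echo "MISSING   $file" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        want=$2
    else
        want=$(expected_md5 "$(basename "$file")") ||
            { echo "UNLISTED  $file" >&2; return 2; }
    fi
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # accept upper-case input
    got=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then echo "OK        $file"; return 0; fi
    echo "MISMATCH  $file (got $got, advisory lists $want)" >&2
    return 1
}

# Check every file given; return non-zero if any of them did not verify.
verify_all() {
    rc=0
    for f in "$@"; do verify_bundle "$f" || rc=1; done
    return $rc
}

verify_all "$@"
```

A bundle that reports MISMATCH or UNLISTED should be downloaded again from the URLs in the advisory before it is handed to esxupdate.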