-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0007
Synopsis:          Moderate Updated Service Console packages pcre
                   net-snmp, and OpenPegasus
Issue date:        2008-04-15
Updated on:        2008-04-15 (initial release of advisory)
CVE numbers:       CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
                   CVE-2008-0003
- -------------------------------------------------------------------

1. Summary:

   Updated Service Console packages for pcre, net-snmp, and OpenPegasus

2. Relevant releases:

   VMware ESX 3.5 without patch ESX350-200803214-UG

3. Problem description:

 a. Updated pcre Service Console package addresses several security issues

   The pcre package contains the Perl-Compatible Regular Expression library.
   pcre is used by various Service Console utilities.

   Several security issues were discovered in the way PCRE handles
   regular expressions. If an application linked against PCRE parsed a
   malicious regular expression, it may have been possible to run
   arbitrary code as the user running the application.

   VMware would like to thank Ludwig Nussel for reporting these issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

   RPM Updated:
   pcre-3.9-10.4.i386.rpm

 b. Updated net-snmp Service Console package addresses denial of service

   net-snmp is an implementation of the Simple Network Management
   Protocol (SNMP). SNMP is used by network management systems to
   monitor hosts. By default ESX has this service enabled and its ports
   open on the ESX firewall.

   A flaw was discovered in the way net-snmp handled certain requests. A
   remote attacker who can connect to the snmpd UDP port could send a
   malicious packet causing snmpd to crash, resulting in a denial of
   service.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2007-5846 to this issue.

   RPM Updated:
   net-snmp-5.0.9-2.30E.23.i386.rpm
   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
   net-snmp-utils-5.0.9-2.30E.23.i386.rpm

 c. Updated OpenPegasus Service Console package fixes overflow condition

   OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
   Management (WBEM) broker. These protocols are used by network management
   systems to monitor and control hosts. By default ESX has this service
   enabled and its ports open on the ESX firewall.

   A flaw was discovered in the OpenPegasus CIM management server that
   might allow remote attackers to execute arbitrary code. OpenPegasus
   when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
   defined, has a stack-based buffer overflow condition.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2008-0003 to this issue.

   RPMS updated:
   cim-smwg-1.0-release-606113.i386.rpm
   pegasus-2.5-release-606113.i386.rpm

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

   ESX 3.5 patch ESX350-200803214-UG
   http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
   md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060
   http://kb.vmware.com/kb/1003721

   RPMS updated with patch ESX350-200803214-UG
   e2fsprogs-1.32-15.4.i386.rpm
   net-snmp-5.0.9-2.30E.23.i386.rpm
   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
   net-snmp-utils-5.0.9-2.30E.23.i386.rpm
   pcre-3.9-10.4.i386.rpm
   libxml2-2.5.10-8.i386.rpm
   libxml2-python-2.5.10-8.i386.rpm

   ESX 3.5 patch ESX350-200803201-UG
   http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip
   md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
   http://kb.vmware.com/kb/1003695

   RPMS updated with ESX350-200803201-UG
   cim-smwg-1.0-release-606113.i386.rpm
   pegasus-2.5-release-606113.i386.rpm

5. References:

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003

6. Change log

2008-04-15  VMSA-2008-0007    Initial release

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

   * security-announce@lists.vmware.com
   * bugtraq@securityfocus.com
   * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIBVTyS2KysvBH1xkRCMNGAJ9kdOVbJNb9cK7hoyXpPbkSXgqvnwCfaXGz
bNkhUejzelQIDSGqZkUDgWY=
=jhJt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
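
Added example (not part of the VMware advisory): a Service Console shell sketch of the two checks section 4 asks for, comparing a downloaded bundle against the published md5sum and comparing installed packages against the fixed builds in section 3. The function names and the sample inventory are constructed for illustration, and the package comparison is an exact string match on name-version-release, not RPM version ordering.

```shell
#!/bin/sh
# Added example for VMSA-2008-0007. Digests and RPM builds are copied from the
# advisory; function names and the sample inventory are constructed.

# Patch bundle -> md5sum, from section 4.
ADVISORY_MD5='ESX350-200803214-UG.zip 9ff7b416afed3acfbfbb5d1d63ca5060
ESX350-200803201-UG.zip 55dee9f4e256b996229ff0c9a5f0f72c'

# Fixed builds from section 3, as name-version-release.
FIXED_RPMS="pcre-3.9-10.4 net-snmp-5.0.9-2.30E.23 net-snmp-libs-5.0.9-2.30E.23 \
net-snmp-utils-5.0.9-2.30E.23 cim-smwg-1.0-release-606113 pegasus-2.5-release-606113"

advisory_md5() {   # $1 = bundle file name; prints the digest published for it
    printf '%s\n' "$ADVISORY_MD5" | awk -v f="$1" '$1 == f { print $2 }'
}

check_md5() {      # $1 = file, $2 = expected digest; status 0 only on a match
    got=$(md5sum "$1" | awk '{ print $1 }')
    [ -n "$2" ] && [ "$got" = "$2" ]
}

# stdin: one installed name-version-release per line.
# stdout: FIXED / REVIEW / ABSENT for each package the advisory lists.
audit_rpms() {
    awk -v fixed="$FIXED_RPMS" '
        # Package name = everything before the last two "-" separated fields.
        function pkgname(nvr) { sub(/-[^-]+-[^-]+$/, "", nvr); return nvr }
        NF { inst[pkgname($1)] = $1 }
        END {
            n = split(fixed, want, " ")
            for (i = 1; i <= n; i++) {
                name = pkgname(want[i])
                if (!(name in inst))            print "ABSENT  " want[i]
                else if (inst[name] == want[i]) print "FIXED   " want[i]
                else print "REVIEW  " inst[name] " (advisory: " want[i] ")"
            }
        }'
}

sample_inventory() {   # constructed data, not output from a real host
    printf '%s\n' pcre-3.9-10.2 net-snmp-5.0.9-2.30E.23 \
        net-snmp-libs-5.0.9-2.30E.23 pegasus-2.5-release-606113
}

sample_inventory | audit_rpms
# On a host: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | audit_rpms
#            check_md5 ESX350-200803214-UG.zip "$(advisory_md5 ESX350-200803214-UG.zip)"
```

The md5sum only ties the download to the advisory text, so the digests are worth trusting only after the advisory's PGP signature has been verified with the key referenced in section 7.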