-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0020 Synopsis: VMware ESXi 4.1 Update Installer SFCB Authentication Flaw Issue date: 2010-12-21 Updated on: 2010-12-21 CVE numbers: CVE-2010-4573 - ------------------------------------------------------------------------ 1. Summary VMware ESXi 4.1 Update Installer might introduce a SFCB Authentication Flaw. 2. Relevant releases VMware ESXi 4.1 if upgraded from ESXi 3.5 or ESXi 4.0 with a modified SFCB configuration file. 3. Problem Description a. ESXi 4.1 Update Installer SFCB Authentication Flaw Under certain conditions, the ESXi 4.1 installer that upgrades an ESXi 3.5 or ESXi 4.0 host to ESXi 4.1 incorrectly handles the SFCB authentication mode. The result is that SFCB authentication could allow login with any username and password combination. An ESXi 4.1 host is affected if all of the following apply: - ESXi 4.1 was upgraded from ESXi 3.5 or ESXi 4.0. - The SFCB configuration file /etc/sfcb/sfcb.cfg was modified prior to the upgrade. - The sfcbd daemon is running (sfcbd runs by default). Workaround A workaround that can be applied to ESXi 4.1 is described in VMware Knowledge Base Article KB 1031761 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4573 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi see KB 1031761 for workaround ** ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX any ESX not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** ESXi 4.1 is only affected if upgraded from ESXi 3.5 or ESXi 4.0 with a modified SFCB configuration file. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESXi 4.1 -------- Workaround described in VMware Knowledge Base Article KB 1031761 http://kb.vmware.com/kb/1031761 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4573 - ------------------------------------------------------------------------ 6. Change log 2010-12-21 VMSA-2010-0020 Initial security advisory after release of VMware knowledge base article that documents workaround on 2010-12-21. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk0RJaQACgkQS2KysvBH1xk5gwCfeuwzOhjNuAQKDY/OGqVevkFk yv4An04Kf4+MQr2Lxg1ObnrhblLZw280 =579r -----END PGP SIGNATURE-----