Tech Talk

[VMSA-2011-0009 VMware multiple security issues]

FYI...

VMSA-2011-0009 VMware multiple security issues...
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, CVE-2011-2217...
Problem Description: VMware vmkernel third party e1000 Driver Packet Filter Bypass
There is an issue in the e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters...

- http://secunia.com/advisories/44826/
- http://secunia.com/advisories/44837/
- http://secunia.com/advisories/44838/
- http://secunia.com/advisories/44839/
- http://secunia.com/advisories/44840/
Jun 3 2011

- http://www.securitytracker.com/id/1025601
- http://www.securitytracker.com/id/1025602
Jun 3 2011

 

[VMSA-2011-0010 - VMware ESX third party updates - Svc Console pkgs]

FYI...

VMSA-2011-0010 - VMware ESX third party updates - Svc Console pkgs...
- http://www.vmware.com/security/advisories/VMSA-2011-0010.html
2011-07-28
CVE numbers: CVE-2010-0296, CVE-2011-0536, CVE-2011-0997, CVE-2011-1071, CVE-2011-1095
Summary: ESX Service Console OS (COS) updates to remediate vulnerabilities in glibc and dhcp... update for the console OS kernel package resolves four security issues...

- http://secunia.com/advisories/45467/
Release Date: 2011-07-29
Criticality level: Moderately critical
Impact: Privilege escalation, DoS, System access
Where: From local network ...
... The updates also include a fix for a regression introduced due to an earlier update not properly fixing CVE-2010-3847.
Solution: Apply patches if available...

 

[VMware vFabric tc Server vuln - updated]

FYI...

VMware vFabric tc Server vuln - updated
- http://www.securitytracker.com/id/1025923
Updated:  Aug 12 2011
CVE Reference: CVE-2011-0527
Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01
... Version 2.5.x is not affected.
Solution: The vendor has issued a fix (2.0.6.RELEASE, 2.1.2.RELEASE)...

- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vfabric_tc_server/2_1

- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vfabric_tc_server/2_0

 

[VMSA-2011-0011 VMware hosted products address remote code execution vuln]

FYI...

VMSA-2011-0011 VMware hosted products address remote code execution vuln
- http://www.vmware.com/security/advisories/VMSA-2011-0011.html
2011-10-04
CVE numbers: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3868
1. Summary: Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled
2. Relevant releases:
   VMware Workstation 7.1.4 and earlier
   VMware Player 3.1.4 and earlier
   VMware Fusion 3.1.2 and earlier ...

- https://secunia.com/advisories/46241/
Release Date: 2011-10-05
Criticality level: Moderately critical
Impact: System access
Where: From remote...
Solution: Update to version 7.1.5, 3.1.5, or 3.1.3...

- http://www.securitytracker.com/id/1026139
CVE Reference: CVE-2011-3868
Oct 5 2011
Impact: Execution of arbitrary code via network, User access via network...
Version(s): Workstation 7.1.4 and prior, Player 3.1.4 and prior, Fusion 3.1.2 and prior...

 

[VMSA-2011-0012 - VMware ESXi and ESX updates]

FYI...

VMSA-2011-0012 - VMware ESXi and ESX updates...
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Issue date: 2011-10-12
CVE numbers:
COS Kernel --- CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010, CVE-2011-1090, CVE-2011-1478
COS krb5 --- CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
glibc library --- CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659
mtp2sas --- CVE-2011-1494, CVE-2011-1495 ...

- https://secunia.com/advisories/46397/
Release Date: 2011-10-13
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0012):
http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 

[VMSA-2011-0013 - VMware third party component updates]

FYI...

VMSA-2011-0012.1
VMware ESXi and ESX updates to third party libraries and ESX Service Console
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Updated on: 2011-10-27

VMSA-2011-0009.2
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Updated on: 2011-10-27

VMSA-2011-0010.2
VMware ESX third party updates for Service Console packages glibc and dhcp
- http://www.vmware.com/security/advisories/VMSA-2011-0010.html
Updated on: 2011-10-12
___

VMSA-2011-0013 - VMware third party component updates...
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- http://www.vmware.com/security/advisories/VMSA-2011-0013.html
2011-10-27
Summary: Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues...
CVE numbers:    --- openssl ---
CVE-2008-7270 CVE-2010-4180
     --- libuser ---
CVE-2011-0002
     --- nss, nspr ---
CVE-2010-3170 CVE-2010-3173
     --- Oracle (Sun) JRE 1.6.0 ---
CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476
     --- Oracle (Sun) JRE 1.5.0 ---
CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865
     --- SFCB ---
CVE-2010-2054 ...
(See "Download links" and "Release Notes")

- https://secunia.com/advisories/46650/
Release Date: 2011-10-28
Criticality level: Highly critical
Impact: System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

- https://secunia.com/advisories/46651/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

- https://secunia.com/advisories/46529/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware.com/pipermail/security-announce/2011/000149.html

 

[VMSA-2011-0014 VMware vCenter Update Manager]

FYI...

VMSA-2011-0014 VMware vCenter Update Manager
VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
- http://www.vmware.com/security/advisories/VMSA-2011-0014.html
2011-11-17
Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability Server, vSphere Update Manager, ESXi and ESX
CVE numbers: CVE-2011-4404
Summary: Configuration update for VMware vSphere Update Manager's third party Jetty Web server component addresses directory traversal vulnerability.
Relevant releases:
vCenter Update Manager 4.1 prior to Update 2
vCenter Update Manager 4.0 prior to Update 4 ...
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
Release Notes:
https://www.vmware.com/support/pubs/vum_pubs.html

- http://www.securitytracker.com/id/1026341
CVE Reference: CVE-2011-4404
Date: Nov 18 2011
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): VMware vCenter Update Manager 4.0 prior to Update 4, 4.1 prior to Update 2
___

VMSA-2011-0013.1...
- http://www.vmware.com/security/advisories/VMSA-2011-0013.html
Synopsis: VMware third party component updates for VMware vCenter
Updated on: 2011-11-17
Change log: 2011-11-17 VMSA-2011-0013.1 Update of security advisory after the release of Update 4 for vCenter Server 4.0, vSphere Update Manager 4.0, vSphere Hypervisor (ESXi) 4.0 and ESX 4.0 on 2011-11-17.

VMSA-2011-0012.1...
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Updated on: 2011-10-27
Change log: 2011-10-27 VMSA-2011-00012.1 Updated security advisory with the release of Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

 

[VMSA-2011-0009.3 VMware]

FYI...

VMSA-2011-0009.3 VMware...
- http://www.vmware.com/security/advisories/VMSA-2011-0009.html
Updated on: 2011-12-15
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536 CVE-2010-1188 CVE-2009-3080 CVE-2010-2240 CVE-2011-2146 CVE-2011-1787 CVE-2011-2145 CVE-2011-2217
Summary: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues..."

 

[VMSA-2012-0001]

FYI...

VMSA-2012-0001
- http://www.vmware.com/security/advisories/VMSA-2012-0001.html
Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console
Issue date: 2012-01-30 ...
... -many- CVE's/updates - see the site.

VMware ESXi Server fixes/updates
- https://secunia.com/advisories/47758/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
... vulnerabilities are reported in versions 4.0 and 4.1...

VMware ESXi Server Python fixes/updates
- https://secunia.com/advisories/47608/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote...
... vulnerabilities are reported in the versions 3.5, 4.0, 4.1, and 5.0...
___

VMSA-2011-0004.3
- http://www.vmware.com/security/advisories/VMSA-2011-0004.html
Issue date: 2011-03-07
Updated on: 2012-01-30

 

[VMSA-2012-0002 - VMware vCenter Chargeback Mgr vuln]

FYI...

VMSA-2012-0002 - VMware vCenter Chargeback Mgr vuln
- http://www.securitytracker.com/id/1026778
Date: Mar 9 2012
CVE Reference: CVE-2012-1472
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
Version(s): prior to 2.0.1
Vendor URL: http://www.vmware.com/security/advisories/VMSA-2012-0002.html
... VMware vCenter Chargeback Manager prior to version 2.0.1

VMSA-2012-0003 - VMware VirtualCenter Update and ESX 3.5 patch update JRE
- http://www.vmware.com/security/advisories/VMSA-2012-0003.html
Summary: VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE...
Issue date: 2012-03-08
___

VMware New and Updated Advisories
- https://isc.sans.edu/diary.html?storyid=12754
Last Updated: 2012-03-09 22:22:12 UTC

 

[VMSA-2012-0004 - VMware View privilege escalation and cross-site scripting]

FYI...

VMSA-2012-0004 - VMware View privilege escalation and cross-site scripting
- http://www.vmware.com/security/advisories/VMSA-2012-0004.html
2012-03-15
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Problem Description: The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops...

- http://www.securitytracker.com/id/1026814
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Version(s): View 4.6.0 and prior ...

VMSA-2012-0005...
- http://www.vmware.com/security/advisories/VMSA-2012-0005.html
Issue date: 2012-03-15
Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues...

- http://www.securitytracker.com/id/1026815
Date: Mar 16 2012
CVE Reference: CVE-2012-1514
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vShield Manager 4.0, 4.1 ...

- http://www.securitytracker.com/id/1026816
Date: Mar 16 2012
CVE Reference: CVE-2012-1513
Impact: Disclosure of authentication information
Version(s): vCO 4.0, 4.1, 4.2 ...

- http://www.securitytracker.com/id/1026817
Date: Mar 16 2012
CVE Reference: CVE-2012-1512
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vSphere 4.1, 5.0 ...

- http://www.securitytracker.com/id/1026818
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1510
Impact: Execution of arbitrary code via local system, User access via local system
Version(s): ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ...
___

VMware New and Updated Security Advisories
- https://isc.sans.edu/diary.html?storyid=12802
Last Updated: 2012-03-16 11:17:17 UTC

 

[VMSA-2012-0006 - VMware ESXi and ESX]

FYI...

VMSA-2012-0006 - VMware ESXi and ESX
- http://www.vmware.com/security/advisories/VMSA-2012-0006.html
2012-03-29
CVE numbers: CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862
Summary: VMware ESXi and ESX address several security issues.
Relevant releases:
ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG
ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG
a. VMware ROM Overwrite Privilege Escalation...
b. ESX third party update for Service Console kernel...
c. ESX third party update for Service Console krb5 RPM...

VMware ESX Server vuln...
- https://secunia.com/advisories/48612/
Release Date: 2012-03-30
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
Operating System: VMware ESX Server 4.x
CVE Reference(s): CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862

- https://secunia.com/advisories/48669/
Release Date: 2012-03-30
Criticality level: Less critical
Impact:   Privilege escalation
Where: Local system ...
Operating System: VMware ESX Server 3.x, 4.x, VMware ESXi 3.x, 4.x
CVE Reference(s): CVE-2012-1515

- http://www.securitytracker.com/id/1026875
CVE Reference: CVE-2012-1515
Date: Mar 30 2012
Impact: Root access via local system, User access via local system
Version(s): ESX and ESXi 3.5, 4.0, 4.1...
Solution: The vendor has issued a fix...

 

[VMSA-2012-0007 - VMware hosted products and ESXi/ESX patches]

FYI...

VMSA-2012-0007 - VMware hosted products and ESXi/ESX patches...
- http://www.vmware.com/security/advisories/VMSA-2012-0007.html
2012-04-12
CVE numbers: CVE-2012-1518
1. Summary: VMware hosted products and ESXi/ESX patches address privilege escalation.
2. Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
3. Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation...

- http://www.securitytracker.com/id/1026922
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): Workstation 8.0.1 and prior; Player 4.0.1 and prior; Fusion 4.1.1 and prior
Solution: The vendor has issued a fix (Workstation 8.0.2, Player 4.0.2, Fusion 4.1.2).
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0007.html

- http://www.securitytracker.com/id/1026923
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): 3.5, 4.0, 4.1; ESXi 5.0
Impact: A local user on a Windows guest operating system can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix.
ESXi 5.0: ESXi500-201203102-SG
ESXi 4.1: ESXi410-201201402-BG
ESXi 4.0: ESXi400-201203402-BG
ESXi 3.5: ESXe350-201203402-T-BG
ESX 4.1: ESX410-201201401-SG
ESX 4.0: ESX400-201203401-SG
ESX 3.5: ESX350-201203402-BG
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0007.html

 

[VMware Security Note]

FYI...

VMware Security Note
- http://blogs.vmware.com/security/2012/04/vmware-security-note.html
April 24, 2012 - "Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

> http://h-online.com/-1559794
26 April 2012

> http://www.theinquirer.net/inquirer/news/2170503/hardcore-charlie-disputes-downplaying-vmware-code
Apr 26 2012

> http://www.theregister.co.uk/2012/04/25/vmware_source_code_leak/
25 April 2012

 

[VMSA-2012-0008]

FYI...

VMSA-2012-0008 - VMware ESX updates to ESX Service Console
- http://www.vmware.com/security/advisories/VMSA-2012-0008.html
Synopsis: VMware ESX updates to ESX Service Console
Issue date: 2012-04-26
CVE numbers: CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3191, CVE-2011-4348, CVE-2012-0028, CVE-2011-3905, CVE-2011-3919
Relevant releases: ESX 4.1 without patches ESX410-201204401-SG,ESX410-201204402-SG...

- https://secunia.com/advisories/48959/
Release Date: 2012-04-27
Criticality level: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
... vulnerabilities are reported in versions 4.1 and 4.0.
Solution: Apply patches...
Original Advisory: VMSA-2012-0008:
http://www.vmware.com/security/advisories/VMSA-2012-0008.html