Tech Talk

[VMSA-2012-0009 - VMware Workstation, Player, ESXi, ESX patches]

FYI...

VMSA-2012-0009 - VMware Workstation, Player, ESXi, ESX patches ...
- http://www.vmware.com/security/advisories/VMSA-2012-0009.html
2012-05-03
Synopsis: VMware Workstation, Player, ESXi and ESX patches address critical security issues
CVE numbers: CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450
Relevant releases: Workstation 8.0.2, Player 4.0.2, Fusion 4.1.2,
ESXi 5.0 without patch ESXi500-201205401-SG,
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
Problem Description: VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
Workaround: Configure virtual machines to use less than 4 GB of memory. Virtual machines that have less than 4GB of memory are not affected.
Mitigation: Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file...
___

- http://h-online.com/-1568119
4 May 2012

 

[VMSA-2012-0010 - VMware vMA security issue]

FYI...

VMSA-2012-0010 - VMware vMA security issue
- http://www.vmware.com/security/advisories/VMSA-2012-0010.html
2012-05-25
CVE numbers: CVE-2012-2752
Summary: VMware vMA addresses a security issue
Relevant releases: vMA 4.0, vMA 4.1, vMA 5 patch 1 (5.0.0.1)
Problem Description: VMware Library file loading Privilege Escalation
A flaw in the way library files are loaded could allow for privilege escalation...
Solution: Please review the patch/release notes for your product and version
vMA 5.0 - http://kb.vmware.com/kb/2021164
vSphere Management Assistant 5.0 Patch 2 (5.0.0.2)

Change log:
VMSA-2012-0010 Initial security advisory in conjunction with the release of vMA 5.0 patch 2 (5.0.0.2) ...
___

VMware vMA Library Loading Privilege Escalation Vuln
- https://secunia.com/advisories/49322/
Release Date: 2012-05-28
Impact: Privilege escalation
Where: Local system
CVE Reference: CVE-2012-2752
... vulnerability is reported in versions prior to 5.0.0.2.
Solution: Update to version 5.0.0.2.

- https://secunia.com/advisories/49300/
Release Date: 2012-05-28
Impact: Privilege escalation
Where: Local system
CVE Reference: CVE-2012-2752
... vulnerability is reported in versions 4.0 and 4.1.
Solution: Upgrade to version 5.0.0.2.

 

[VMSA-2012-0011 - ESXi and ESX patches address security issues]

FYI...

VMSA-2012-0011 - ESXi and ESX patches address security issues
- http://www.vmware.com/security/advisories/VMSA-2012-0011.html
2012-06-14
CVE numbers: CVE-2012-3288, CVE-2012-3289
Summary: VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues...
Change log: 2012-06-14 VMSA-2012-0011 Initial security advisory in conjunction with the release of Workstation 7.1.6, Player 3.1.6, ACE 2.7.6, Workstation 8.0.4, Player 4.0.4, Fusion 4.1.3 and patches for ESXi and ESX 3.5, 4.0, 4.1 and 5.0 on 2012-06-13...

- https://secunia.com/advisories/49430/
Release Date: 2012-06-14
Impact: System access
Where: From remote...
... input validation error when parsing Checkpoint files and can be exploited to execute arbitrary code.
Original Advisory: http://www.vmware.com/security/advisories/VMSA-2012-0011.html

 

[VMSA-2012-0012 VMware ESXi update to third party library]

FYI...

VMSA-2012-0012 VMware ESXi update to third party library
- http://www.vmware.com/security/advisories/VMSA-2012-0012.html
2012-07-12
CVE numbers: CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
1. Summary: VMware ESXi update addresses several security issues.
2. Relevant releases: ESX 5.0 without patch ESXi500-201207101-SG
3. Problem Description: ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses multiple security issues..."

- https://secunia.com/advisories/49858/
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... vulnerabilities are reported in version 5.0
Solution: Apply patch ESXi500-201207001.
Original Advisory: VMSA-2012-0012:
http://www.vmware.com/security/advisories/VMSA-2012-0012.html

- https://secunia.com/advisories/49930/
Release Date: 2012-07-13
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... The vulnerabilities are reported in versions 4.1, 4.0, and 3.5.
Solution: Patches are currently pending.
Original Advisory: VMSA-2012-0012:
http://www.vmware.com/security/advisories/VMSA-2012-0012.html

 

[VMware Workstation/Player multiple vulns]

FYI...

VMware Workstation/Player multiple vulns
- https://secunia.com/advisories/50093/
Release Date: 2012-08-17
Impact: Privilege escalation
Where: Local system
...  vulnerabilities are reported in the following products:
* VMware Workstation -prior- to version 7.1.6.
* VMware Player -prior- to versions 3.1.6.
... For more information see vulnerabilities #1, #3, and #4 in: https://secunia.com/SA49019/
Solution: Update to a fixed version.
Original Advisory: http://www.vmware.com/security/advisories/VMSA-2012-0009.html
VMSA-2012-0009.2
Synopsis: VMware Workstation, Player, Fusion, ESXi and ESX patches address critical security issues
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1516 - 9.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1517 - 9.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2448 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2449 - 9.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2450 - 9.0 (HIGH)
Summary: VMware Workstation, Player, Fusion, ESXi and ESX patches address critical security issues...
Change log: 2012-06-13 VMSA-2012-0009.2 Updated Relevant Releases, Problem Description, and Solution sections to include information regarding updates for Workstation 7 and Fusion 4 in conjunction with the release of Workstation 7.1.6 and Fusion 4.1.3 on 2012-06-13...

Workstation 7.1.6 Release Notes
- https://www.vmware.com/support/ws71/doc/releasenotes_ws716.html

Player 3.1.6 Release Notes
- https://www.vmware.com/support/player31/doc/releasenotes_player316.html
___

>> http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines
20 Aug 2012 - "... threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool... may be the first malware that attempts to spread onto a virtual machine..."

 

[VMSA-2012-0013]

FYI...

VMSA-2012-0013 - VMware vSphere and vCOps updates ...
- http://www.vmware.com/security/advisories/VMSA-2012-0013.html
2012-08-30
Summary: VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities...
CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, CVE-2012-1583
- https://secunia.com/advisories/50473/
Criticality level: Highly critical ...
- https://secunia.com/advisories/50476/
Criticality level: Highly critical ...
- https://secunia.com/advisories/50479/
Criticality level: Highly critical ...

VMSA-2012-0012.1 - VMware ESXi update to third party library
- http://www.vmware.com/security/advisories/VMSA-2012-0012.html
Updated on: 2012-08-30
CVE numbers: CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841 ...

VMSA-2012-0005.1 - VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
- http://www.vmware.com/security/advisories/VMSA-2012-0005.html
Updated on: 2012-06-13
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1512, CVE-2012-1513, CVE-2012-1514, CVE-2011-3190, CVE-2011-3375, CVE-2012-0022, CVE-2010-0405 ...

 

[VMSA-2012-0013.1 - VMware vSphere and vCOps updates to third party libraries]

FYI...

VMSA-2012-0013.1 - VMware vSphere and vCOps updates to third party libraries
- http://www.vmware.com/security/advisories/VMSA-2012-0013.html
Updated on: 2012-09-12
Summary: VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities...
Change log:
2012-08-30 VMSA-2012-0013 Initial security advisory in conjunction with the release of vSphere 4.1 U3 and vCOps 5.0.3 on 2012-08-30.
2012-09-12 VMSA-2012-0013.1 Updated security advisory in conjunction with the release of vSphere 4.0 U4a and ESX 4.0 patches on 2012-09-12...

 

[VMSA-2012-0014 VMware]

FYI...

VMSA-2012-0014 VMware
- http://www.vmware.com/security/advisories/VMSA-2012-0014.html
Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
2012-10-04
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4897
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5050
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5051
... multiple security vulnerabilities.
Relevant releases:
vCenter Operations prior to 5.0.x
vCenter CapacityIQ 1.5.x
Movie Decoder prior to 9.0

- http://www.securitytracker.com/id/1027611
CVE Reference: CVE-2012-4897
Oct 5 2012
Impact: Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (9.0).
... advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0014.html

- http://www.securitytracker.com/id/1027612
CVE Reference: CVE-2012-5050
Oct 5 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Solution: The vendor has issued a fix (5.0).
... advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0014.html

- http://www.securitytracker.com/id/1027613
CVE Reference: CVE-2012-5051
Oct 5 2012
Impact: Disclosure of system information, Disclosure of user information
Solution: The vendor has issued a fix (vCOps 5.0.x).
... advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0014.html

 

[VMware Security Note]

FYI...

VMware Security Note
- https://blogs.vmware.com/security/2012/11/vmware-security-note-3.html
"Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. (For reference: April 24, 2012* and May 3, 2012**). It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.
Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate."

* http://blogs.vmware.com/security/2012/04/vmware-security-note-2.html

** http://blogs.vmware.com/security/2012/05/vmware-security-note.html
___

- https://threatpost.com/en_us/blogs/more-vmware-esx-source-code-posted-online-110412
Nov. 4, 2012

    

[VMSA-2012-0015 VMware Security Advisory]

FYI...

VMSA-2012-0015 VMware Security Advisory
- https://www.vmware.com/security/advisories/VMSA-2012-0015.html
Synopsis: VMware Hosted Products and OVF Tool address security issues
2012-11-08
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3569 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5458 - 8.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5459 - 7.9 (HIGH)
1. Summary: VMware Hosted products and OVFTool patches address several security issues.
2. Relevant releases: OVF Tool 2.1, Workstation 8.0.4, Player 4.0.4 ...

- http://www.securitytracker.com/id/1027742
CVE Reference: CVE-2012-3569, CVE-2012-5458, CVE-2012-5459
Date: Nov 9 2012
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): Workstation 8.0.4, Player 4.0.4, OVF Tool 2.1 ...
Solution: The vendor has issued a fix (Workstation 8.0.5, Player 4.0.5, OVF Tool 3.0.1)...
Vendor URL: http://www.vmware.com/security/advisories/VMSA-2012-0015.html

 

[VMSA-2012-0016 - vSphere API and ESX Service Console]

FYI...

VMSA-2012-0016 - vSphere API and ESX Service Console
- https://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-15
Synopsis: VMware security updates for vSphere API and ESX Service Console
CVE numbers:    --- vSphere API --
     CVE-2012-5703
     --- bind (service console) ---
     CVE-2012-1033, CVE-2012-1667, CVE-2012-3817
     --- python (service console) ---
     CVE-2011-4940, CVE-2011-4944, CVE-2012-1150
     --- expat (service console) ---
     CVE-2012-0876, CVE-2012-1148
     --- nspr and nss (service console) ---
     CVE-2012-0441
Summary: VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates...

- http://www.securitytracker.com/id/1027782
Nov 16 2012
Impact: Denial of service via network
Version(s): 4.1
Description: A vulnerability was reported in VMware ESX/ESXi. A remote user can cause denial of service conditions...
Solution: The vendor has issued a fix...
Vendor URL: https://www.vmware.com/security/advisories/VMSA-2012-0016.html

VMware ESX Server Multiple Vulnerabilities
- https://secunia.com/advisories/51317
Release Date: 2012-11-16
Criticality level: Moderately critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS
Where: From remote...
... vulnerabilities are reported in versions 4.0 and 4.1.
Original Advisory: VMware:
http://www.vmware.com/security/advisories/VMSA-2012-0016.html

VMware ESXi vSphere API Denial of Service Vulnerability
- https://secunia.com/advisories/51263
Release Date: 2012-11-16
Impact: DoS
Where: From local network
... vulnerability is reported in version 4.1.
Original Advisory: VMware:
http://www.vmware.com/security/advisories/VMSA-2012-0016.html

 

[VMSA-2012-0017 - VMware View Server]

FYI...

VMSA-2012-0017 - VMware View Server
- https://www.vmware.com/security/advisories/VMSA-2012-0017.html
Advisory ID: VMSA-2012-0017
Synopsis: VMware View Server directory traversal
Issue date: 2012-12-13
CVE numbers: CVE-2012-5978
1. Summary: VMware View releases address a critical directory traversal vulnerability in the View Connection Server and View Security Server.
2. Relevant releases
- VMware View 5.x prior to version 5.1.2
- VMware View 4.x prior to version 4.6.2
3. Problem Description
a. VMware View Server directory traversal: VMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.
Workarounds: This vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View.
Customers who are unable to immediately update their View Servers should consider the following options:
- Disable Security Server: Disabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks. To restore functionality for remote users, allow them to connect to the Connection Server via a VPN.
- Block directory traversal attempts: It may be possible to prevent exploitation of this issue by blocking directory traversal attacks with an intrusion protection system or application layer firewall...
___

- http://www.securitytracker.com/id/1027875
CVE Reference: CVE-2012-5978
Dec 14 2012
Impact: Disclosure of system information, Disclosure of user information
Version(s): 4.x prior to 4.6.2, 5.x prior to 5.1.2
Impact: A remote user can view arbitrary files on the target system.
Solution: The vendor has issued a fix (View Server 4.6.2, 5.1.2)...

- https://secunia.com/advisories/51597/
Release Date: 2012-12-14
Criticality level: Moderately critical
Impact: Exposure of sensitive information
Where: From remote...
CVE Reference: CVE-2012-5978
Solution: Update to version 5.1.2 or 4.6.2. 

 

[VMSA-2012-0018 - security updates for vCSA and ESXi]

FYI...

VMSA-2012-0018 - security updates for vCSA and ESXi
- https://www.vmware.com/security/advisories/VMSA-2012-0018.html
Synopsis: VMware security updates for vCSA and ESXi
Issue date: 2012-12-20
Summary: VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities
Relevant releases: vCenter Server Appliance 5.1 without Patch 1, vCenter Server Appliance 5.0 without Update 2, VMware ESXi 5.1 without patch ESXi510-201212101, VMware ESXi 5.0 without patch ESXi500-201212101
Solution: ESXi and ESX - The download for ESXi -includes- vCenter Server Appliance...
ESXi 5.1: http://kb.vmware.com/kb/2035775
ESXi 5.0: http://kb.vmware.com/kb/2033751 ...
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

- https://secunia.com/advisories/51555/
Release Date: 2012-12-21
Criticality level: Moderately critical
Impact: Privilege escalation, DoS, System access
Where: From remote
CVE Reference(s): CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480
...  vulnerabilities are reported in versions 5.1 and 5.0.
Solution: Apply patches.
Original Advisory: https://www.vmware.com/security/advisories/VMSA-2012-0018.html

- https://secunia.com/advisories/46859/
Release Date: 2012-12-21
Impact:   Exposure of sensitive information
Where: From local network
CVE Reference(s): CVE-2012-6324, CVE-2012-6325
Original Advisory: https://www.vmware.com/security/advisories/VMSA-2012-0018.html
___

VMSA-2012-0013.2
- https://www.vmware.com/security/advisories/VMSA-2012-0013.html
Change log: 2012-12-20 VMSA-2012-0013.2
Updated security advisory in conjunction with the release of vCenter Server, ESX 5.0 Update 2 on 2012-12-20.

 

[VMSA-2013-0001 VMware]

FYI...

VMSA-2013-0001 VMware vSphere security updates... third party libraries
- https://www.vmware.com/security/advisories/VMSA-2013-0001.html
2013-01-31
CVE numbers:  vSphere authentication CVE-2013-1405
- libxml2 CVE-2011-3102, CVE-2012-2807
- bind (service console) CVE-2012-4244
- xslt (service console) CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871
Summary: VMware vSphere security updates for the authentication service and third party libraries
Relevant releases:
vCenter Server 4.1 without Update 3a
vSphere Client 4.1 without Update 3a
ESXi 4.1 without patch ESXi410-201301401-SG
ESX 4.1 without patches ESX410-201301401-SG, ESX410-201301402-SG,
ESX410-201301403-SG, and ESX410-201301405-SG
Problem Description: VMware vSphere client-side authentication memory corruption vulnerability...
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3a_rel_notes.html ...

 

[VMSA-2013-0002 Workstation, Fusion, and View 'VMCI.SYS' Driver Flaw]

FYI...

VMSA-2013-0002 Workstation, Fusion, and View 'VMCI.SYS' Driver Flaw...
- http://www.securitytracker.com/id/1028100
CVE Reference: CVE-2013-1406
Feb 8 2013
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 8.x prior to 8.0.5, Workstation 9.0; Fusion 4.x prior to 4.1.4 and 5.x prior to 5.0.2; View 4.x prior to 4.6.2, 5.x prior to 5.1.2 ...
Solution: The vendor has issued a fix (Workstation 8.0.5, 9.0.1; Fusion 4.1.4, 5.0.2; View 4.6.2, 5.1.2).

VMSA-2013-0002 ESX/ESXi 'VMCI.SYS' Driver Flaw...
- http://www.securitytracker.com/id/1028101
CVE Reference: CVE-2013-1406
Feb 8 2013
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX/ESXi 4.0, 4.1, ESXi 5.0, 5.1
Solution: The vendor has issued a fix.
ESXi 5.1: ESXi510-201212102-SG, ESXi 5.0: ESXi500-201212102-SG, ESXi 4.1: ESXi410-201211402-BG, ESXi 4.0: ESXi400-201302402-SG. ESX 4.1: ESX410-201211401-SG, ESX 4.0: ESX400-201302401-SG
...The vendor's advisory is available at:
- http://www.vmware.com/security/advisories/VMSA-2013-0002.html

VMSA-2013-0001.1
- https://www.vmware.com/security/advisories/VMSA-2013-0001.html
2013-02-07 VMSA-2013-0001.1
Updated security advisory to include vCenter 4.0 Update 4b and patches for ESX 4.0.