<< Previous Next >>
VMware Workstation
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX for patch info see VMSA-2008-0001
ESX 2.5.4 ESX for patch info see VMSA-2008-0001
* hosted products are VMware Workstation, Player, ACE, Server, Fusion
II Service Console rpm updates
a. net-snmp Security update
Release notes:
https://www.vmware.com/support/ws80/doc/releasenotes_workstation_802.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 912df11644fccac439b6fc5f80af5cdb
sha1sum: 67af885d20a30f6074e2511f89ffff4fee321880
VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 121b026836091e6d06b09588afbbb4ed
ESX 4.1 ESX patch pending
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
* hosted products are VMware Workstation, Player, ACE, Fusion.
** this product uses the Oracle (Sun) JRE 1.5.0 family
f. vCenter Server Apache Tomcat update 6.0.35
ESX 3.5 ESX ESX350-200901401-SG
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Updated Service Console package net-snmp
Net-SNMP is an implementation of the Simple Network Management
Protocol (SNMP). SNMP is used by network management systems to
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console package sudo
Service Console package for sudo has been updated to version
sudo-1.6.9p17-3. This fixes the following issue: Sudo versions
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: VMware Workstation and Player: Multiple vulnerabilities
Date: November 18, 2007
Bugs: #193196
ID: 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AFFECTED ENVIRONMENTS
---------------------
The following VMware product versions are known to be affected:
VMware Workstation 7.0.0
VMware Workstation 7.1.5 and earlier
VMware Player 3.1.5 and earlier
VMware ESXi 4.1.0 Update 2 Build 502767 and earlier
Other related versions not tested due to unavailability
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903406-SG
ESX 3.0.2 ESX ESX-1008409
ESX 2.5.5 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Update bind package for the Service Console fixes a security issue.
A flaw was discovered in the way Berkeley Internet Name Domain
(BIND) checked the return value of the OpenSSL DSA_do_verify
Verification........................................................10
======================================================================
1) Affected Software
* VMWare Workstation version 6.5.2 build 156735.
NOTE: Other products and versions may also be affected.
======================================================================
2) Severity
ESX 4.1 ESX not applicable
ESX 4.0 ESX not applicable
ESX 3.5 ESX ESX350-201012408-SG
ESX 3.0.3 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for bzip2
The service console package bzip2 updated to version
1.0.2-14.EL3.
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0016.html or
http://lists.vmware.com/pipermail/security-announce/2008/000037.html)
VMware Player 2.0.4-Build 93057
VMware Server 1.0.6 Build-91891
VMware Workstation 6.0.4 Build-93057
PATCHED SOFTWARE
---------------------
VMware Player 2.0.5-Build 109488
ESX 4.1 ESX patch pending
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console krb5 RPMs
This patch updates the krb5-libs and krb5-workstation RPMs of the
console OS to version 1.6.1-55.el5_6.1, which resolves multiple
-- Affected Products:
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
Verification........................................................10
======================================================================
1) Affected Software
* VMWare Workstation version 6.5.3 build 185404.
NOTE: Other products and versions may also be affected.
======================================================================
2) Severity
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well
type of vulnerability: DoS, potential privilege escalation
I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges.
The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code.
Interestingly the vmstor driver (which is the old version supposed to mount VMware images prior to version 6.0) is not vulnerable.
I have originally reported this vulnerability on 21-May-07 and got response from the VMware security team, but so far the investigation hasn't gone any further and no update has been released.
ESX 4.1 ESX ESX410-201010401-SG
ESX 4.0 ESX patch pending
ESX 3.x ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. Likewise package updates
Updates to the likewisekrb5, likewiseopenldap, likewiseopen,
and pamkrb5 packages address several security issues.
Updated VMware Hosted products, VI Client and patches for ESX and
ESXi resolve multiple security issues.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
On Windows (except Windows Vista), the default pathname for this file is:
C:\Documents and Settings\All Users\Application
Data\VMware\VMware Workstation\settings.ini
On Windows Vista, the default pathname for this file is:
C:\ProgramData\VMware\VMware Workstation\settings.ini
ESX 3.0.3 ESX patch pending
ESX 2.5.5 ESX patch pending
vMA 4.0 RHEL5 patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for acpid to1.0.4-9.el5_4.2
This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2.
This version includes the fix for a security issue that was first
Updated VMware Hosted products and patches for ESX and ESXi resolve a
critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.3 and earlier,
Updated VMware Hosted products address security issues in libpng and
the Apace HTTP Server.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier
3. Problem Description
Verification........................................................10
======================================================================
1) Affected Software
* VMWare Workstation version 6.5.3 build 185404.
NOTE: Other products and versions may also be affected.
======================================================================
2) Severity
-- Affected Vendors:
VMWare, Inc.
-- Affected Products:
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
VMware hosted products and ESX patches resolve two security issues.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
ESX 4.1 ESX ESX410-201204401-SG
ESX 4.0 ESX patch pending **
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
** Two of the three issues, CVE-2011-3191 and CVE-2011-4348, have
already been addressed on ESX 4.0 in an earlier kernel patch. See
VMSA-2012-0006 for details.
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0018.html or
http://lists.vmware.com/pipermail/security-announce/2008/000042.html)
VMware Player 2.0.5-Build 109488
VMware Server 1.0.7-Build 108231
VMware Workstation 6.0.5-Build 109488
PATCHED SOFTWARE
---------------------
VMware Server 1.0.8-Build 126538
ESX 4.1 ESX ESX410-201104401-SG
ESX 4.0 ESX ESX400-201104401-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. Likewise package update
Updates to the vmware-esx-likewise-openldap and
vmware-esx-likewise-krb5 packages address several security issues.
On Windows (except Windows Vista), the default pathname for this file is:
C:\Documents and Settings\All Users\Application
Data\VMware\VMware Workstation\settings.ini
On Windows Vista, the default pathname for this file is:
C:\ProgramData\VMware\VMware Workstation\settings.ini
ESX any ESX not affected
* vCenter 4.1 and vCenter 4.0 installed on Windows 2008 or Windows
2008 R2 is not affected
** hosted products are VMware Workstation, Player, ACE, Fusion.
b. vCenter Server SOAP ID disclosure
The SOAP session ID can be retrieved by any user that is logged in
to vCenter Server. This might allow a local unprivileged user on
ESX 4.1 ESX patch pending **
ESX 4.0 ESX ESX400-201203401-SG
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
** One of the three issues, CVE-2011-2482, has already been
addressed on ESX 4.1 in an earlier kernel patch. See
VMSA-2012-0001 for details.
<<Previous Next>>
|
