Uočeni su i ispravljeni nedostaci u radu programskih paketa bind, pam i rpm koje napadači mogu iskoristiti za DoS napad, otkrivanje i pregled određenih podataka, te povećanje ovlasti na ranjivom sustavu.
| Paket: | BIND 9.x, pam 0.x, rpm 4.x |
| Operacijski sustavi: | VMware ESX Server 4.x, VMware ESXi 4.x |
| Kritičnost: | 5.6 |
| Problem: | neodgovarajuća provjera ulaznih podataka, pogreška u programskoj funkciji, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | dobivanje većih privilegija, otkrivanje osjetljivih informacija, uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2010-3613, CVE-2010-3614, CVE-2010-3762, CVE-2010-3316, CVE-2010-3435, CVE-2010-3853, CVE-2010-2059, CVE-2010-3609 |
| Izvorni ID preporuke: | VMSA-2011-0004.2 |
| Izvor: | VMware |
| Problem: | |
| Propusti paketa pam nastaju u funkciji run_coprocess u pam_xauth.c, modulima pam_env, pam_namespace te pam_mai. Nedostatak paketa rpm je vezan uz lib/fsm.c, a paketa bind uz nepravilno rukovanje RRSIG zapisima i DNS upitima. |
|
| Posljedica: | |
| Moguće ih je iskoristiti za DoS napad, otkrivanje i pregled određenih podataka, te povećanje ovlasti na ranjivom sustavu. |
|
| Rješenje: | |
| Preporuča se primjena nadogradnje. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0004.2
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability
and ESX third party updates for Service Console
packages bind, pam, and rpm.
Issue date: 2011-03-07
Updated on: 2011-10-27
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762
CVE-2010-3316 CVE-2010-3435 CVE-2010-3853
CVE-2010-2059 CVE-2010-3609
- ------------------------------------------------------------------------
1. Summary
Service Location Protocol daemon (SLPD) denial of service issue and
ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
2. Relevant releases
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patches ESX410-201101201-SG,
ESX410-201104407-SG and ESX410-201110207-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG,
ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG.
3. Problem Description
a. Service Location Protocol daemon DoS
This patch fixes a denial-of-service vulnerability in
the Service Location Protocol daemon (SLPD). Exploitation of this
vulnerability could cause SLPD to consume significant CPU
resources.
VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi ESXi400-201103401-SG
ESXi 3.5 ESXi not applicable
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX ESX400-201103401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
b. Service Console update for bind
This patch updates the bind-libs and bind-utils RPMs to version
9.3.6-4.P1.el5_5.3, which resolves multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3613, CVE-2010-3614, and
CVE-2010-3762 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX ESX410-201104407-SG
ESX 4.0 ESX ESX400-201103407-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
c. Service Console update for pam
This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw,
which resolves multiple security issues with PAM modules.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3316, CVE-2010-3435, and
CVE-2010-3853 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX ESX410-201110207-SG
ESX 4.0 ESX ESX400-201103404-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
d. Service Console update for rpm, rpm-libs, rpm-python, and popt
This patch updates rpm, rpm-libs, and rpm-python RPMs to
4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,
which resolves a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2059 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX ESX400-201103406-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMWare ESXi 4.1
---------------
VMWare ESXi 4.1 Installable Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
http://kb.vmware.com/kb/1027919
File type: .iso
MD5SUM: d68d6c2e040a87cd04cd18c04c22c998
SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)
File type: .zip
MD5SUM: 2f1e009c046b20042fae3b7ca42a840f
SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)
File type: .zip
MD5SUM: 67b924618d196dafaf268a7691bd1a0f
SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)
File type: .zip
MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4
SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488
VMware Tools CD image for Linux Guest OSes
File type: .iso
MD5SUM: dad66fa8ece1dd121c302f45444daa70
SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client
File type: .exe
MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e
SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi Installable Update 1 contains the following security bulletins:
ESXi410-201101201-SG.
VMware ESX 4.1
--------------
ESX410-201104001
Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062017/ESX410-201104001.zip
md5sum: 757c3370ae63c75ef5b2178bd35a4ac3
sha1sum: 95cfdc08e0988b4a0c0c3ea1a1acc1c661979888
http://kb.vmware.com/kb/1035110
ESX410-201104001 contains ESX410-201104407-SG.
VMware ESX 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
https://www.vmware.com/support/pubs/vum_pubs.html
File: ESX-4.1.0-update02-502767.iso
md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
File: VMware-tools-linux-8.3.12-493255.iso
md5sum: 63028f2bf605d26798ac24525a0e6208
sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe
md5sum: dafd31619ae66da65115ac3900697e3a
sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESX 4.1 Update 2 contains ESX410-201110207-SG.
VMware ESX 4.1 Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_1
Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
http://kb.vmware.com/kb/1029353
ESX 4.1 Update 1 (DVD ISO)
File type: .iso
md5sum: b9a275b419a20c7bedf31c0bf64f504e
sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)
File type: .zip
md5sum: 2d81a87e994aa2b329036f11d90b4c14
sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1
File type: .zip
md5sum: 75f8cebfd55d8a81deb57c27def963c2
sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)
File type: .zip
md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2
sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922
VMware Tools CD image for Linux Guest OSes
File type: .iso
md5sum: dad66fa8ece1dd121c302f45444daa70
sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client
File type: .exe
md5sum: cb6aa91ada1289575355d79e8c2a9f8e
sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESX410-Update01 contains the following security bulletins:
ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,
Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904
ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330
ESX410-Update01 also contains the following non-security bulletins
ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,
ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,
ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,
ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,
ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,
ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.
To install an individual bulletin use esxupdate with the -b option.
VMware ESXi 4.0
--------
ESXi400-201103001
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677367/ESXi400-201103001.zip
md5sum: a68ef31414573460cdadef4d81fb95d0
sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31
http://kb.vmware.com/kb/1032823
ESXi400-201103001 containes the following security bulletins:
ESXi400-201103401-SG (openssl) | http://kb.vmware.com/kb/1032820
ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821
VMware ESX 4.0
-------
ESX400-201103001
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574144/ESX400-201103001.zip
md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8
sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b
http://kb.vmware.com/kb/1032822
ESX400-201103001 containes the following security bulletins:
ESX400-201103401-SG (SLPD, openssl, COS kernel)
| http://kb.vmware.com/kb/1032814
ESX400-201103403-SG (JRE, Tomcat) | http://kb.vmware.com/kb/1032815
ESX400-201103404-SG (pam) | http://kb.vmware.com/kb/1032816
ESX400-201103405-SG (bzip2) | http://kb.vmware.com/kb/1032817
ESX400-201103406-SG (popt/rpm) | http://kb.vmware.com/kb/1032818
ESX400-201103407-SG (bind) | http://kb.vmware.com/kb/1032819
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
- ------------------------------------------------------------------------
6. Change log
2011-03-07 VMSA-2011-0004
Initial security advisory in conjunction with the release of VMware
ESX/ESXi 4.0 patches on 2011-03-07
2011-04-28 VMSA-2011-0004.1
Updated advisory after release of ESX 4.1 patches on 2011-04-28.
2011-10-27 VMSA-2011-0004.2
Updated security advisory with the release of Update 2 for vSphere
Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6qQHEACgkQDEcm8Vbi9kORCQCfWXqW4/UOrsqtlEUTlrbgZWLE
0J4An292nuNPFDYKQbFRsyDSsej/MsER
=o4Be
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.vmware.com/mailman/listinfo/security-announce
Posljednje sigurnosne preporuke