Objavljena je revizija sigurnosne preporuke prvotno objavljene 12.10.2011. U radu ESX i ESXi platformi otkriveno je nekoliko nedostataka koje napadači mogu iskorisititi za otkrivanje osjetljivih informacija, dobivanje većih privilegija, izmjenu podataka i DoS napad.
| Paket: | VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x |
| Operacijski sustavi: | VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x |
| Kritičnost: | 6.5 |
| Problem: | pogreška u programskoj funkciji, pogreška u programskoj komponenti, preljev međuspremnika |
| Iskorištavanje: | lokalno/udaljeno |
| Posljedica: | dobivanje većih privilegija, izmjena podataka, otkrivanje osjetljivih informacija, uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858 |
| Izvorni ID preporuke: | VMSA-2011-0012.2 |
| Izvor: | VMware |
| Problem: | |
| Pronađene su ranjivosti u komponentama: "arch/x86/hvm/vmx/vmcs.c" i" Xen 3.x" te u funkcijama "processcompl_compat", "gfs2_dirent_find_space", "ext4_ext_get_blocks", "tcf_act_police_dump", "snd_ctl_new", "ctp_packet_config", "xfs_ioc_fsgetxattr", "do_io_submit", "io_submit_one", "setup_arg_pages" i kod xfs implementacije. Revizija je objavljena radi izdavanja zakrpe za ESXi 5.0. |
|
| Posljedica: | |
| Navedene ranjivosti zlonamjerni napadači mogu iskoristiti za pregled određenih podataka, povećanje ovlasti na ranjivom sustavu, izmjenu podataka i DoS (eng. Denial of Service) napad. |
|
| Rješenje: | |
| Preporuča se nadogradnja. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0012.2
Synopsis: VMware ESXi and ESX updates to third party libraries
and ESX Service Console
Issue date: 2011-10-12
Updated on: 2011-12-15
CVE numbers: --- COS Kernel ---
CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938,
CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066,
CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296,
CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699,
CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876,
CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072,
CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161,
CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247,
CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255,
CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526,
CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010,
CVE-2011-1090, CVE-2011-1478
--- COS krb5 ---
CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
--- glibc library ---
CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095,
CVE-2011-1658, CVE-2011-1659
--- mtp2sas ---
CVE-2011-1494, CVE-2011-1495
------------------------------------------------------------------------
1. Summary
VMware ESXi and ESX updates to third party libraries and ESX Service
Console address several security issues.
2. Relevant releases
ESXi 5.0 without patch ESXi500-201112401-SG.
ESXi 4.1 without patch ESXi410-201110201-SG.
ESX 4.1 without patches ESX410-201110201-SG and ESX410-201110224-SG.
ESXi 4.0 without patch ESXi400-201110401-SG.
ESX 4.0 without patches ESX400-201110401-SG, ESX400-201110403-SG
and ESX400-201110409-SG.
3. Problem Description
a. ESX third party update for Service Console kernel
This update takes the console OS kernel package to
kernel-2.6.18-238.9.1 which resolves multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015,
CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086,
CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865,
CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904,
CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158,
CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243,
CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251,
CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346,
CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710,
CVE-2011-1010, CVE-2011-1090 and CVE-2011-1478 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console krb5 RPMs
This patch updates the krb5-libs and krb5-workstation RPMs of the
console OS to version 1.6.1-55.el5_6.1, which resolves multiple
security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-1323, CVE-2011-0281, and CVE-2011-0282 to
these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201110403-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESXi and ESX update to third party component glibc
The glibc third-party library is updated to resolve multiple
security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-0296, CVE-2011-0536, CVE-2011-1071,
CVE-2011-1095, CVE-2011-1658, and CVE-2011-1659 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi ESXi500-201112401-SG
ESXi 4.1 ESXi ESXi410-201110201-SG
ESXi 4.0 ESXi ESXi400-201110401-SG
ESXi 3.5 ESXi patch pending
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX no patch planned
* hosted products are VMware Workstation, Player, ACE, Fusion.
d. ESX update to third party drivers mptsas, mpt2sas, and mptspi
The mptsas, mpt2sas, and mptspi drivers are updated which addresses
multiple security issues in the mpt2sas driver.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-1494 and CVE-2011-1495 to these issues.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX ESX410-201110224-SG
ESX 4.0 ESX ESX400-201110409-SG
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX no patch planned
* hosted products are VMware Workstation, Player, ACE, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware ESXi 5.0
---------------
ESXi500-201112001
Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-325-20111212-924952/ESXi500-201112001.zip
md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10
sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d
http://kb.vmware.com/kb/2007671
ESXi500-201112001 contains ESXi500-201112401-SG
VMware ESXi 4.1
---------------
VMware ESXi 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
md5sum: 459d9142a885854ef0fa6edd8d6a5677
sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
md5sum: 3047fac78a4aaa05cf9528d62fad9d73
sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
File: VMware-tools-linux-8.3.12-493255.iso
md5sum: 63028f2bf605d26798ac24525a0e6208
sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe
md5sum: dafd31619ae66da65115ac3900697e3a
sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.
VMware ESX 4.1
--------------
VMware ESX 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File: ESX-4.1.0-update02-502767.iso
md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
File: VMware-tools-linux-8.3.12-493255.iso
md5sum: 63028f2bf605d26798ac24525a0e6208
sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe
md5sum: dafd31619ae66da65115ac3900697e3a
sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESX 4.1 Update 2 contains ESX410-201110201-SG and
ESX410-201110224-SG.
VMware ESXi 4.0
---------------
ESXi400-201110001
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-315-20111006-920880/ESXi400-201110001.zip
md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3
sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b
http://kb.vmware.com/kb/1036397
ESXi400-201110001 contains ESXi400-201110401-SG
VMware ESX 4.0
--------------
ESX400-201110001
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-314-20111006-398488/ESX400-201110001.zip
md5sum: 0ce9cc285ea5c27142c9fdf273443d78
sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399
http://kb.vmware.com/kb/1036391
ESX400-201110001 contains ESX400-201110401-SG, ESX400-201110403-SG
and ESX400-201110409-SG.
5. References
CVE numbers
--- COS Kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478
--- COS krb5 ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
--- glibc library ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
--- mtp2sas ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
------------------------------------------------------------------------
6. Change log
2011-10-12 VMSA-2011-0012
Initial security advisory in conjunction with the release of patches
for ESX 4.0 and ESXi 4.0 on 2011-10-12.
2011-10-27 VMSA-2011-00012.1
Updated security advisory with the release of Update 2 for vSphere
Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
2011-12-15 VMSA-2011-00012.2
Updated security advisory with the release of ESXi 5.0 patches on
2011-12-15.
-----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAk7q2MwACgkQDEcm8Vbi9kMdbgCgwGOUBypyHLKHq/b2CPrz1cId
crAAoLvARAmafx8SSxowG5sWBj9IAGT3
=DxJk
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.vmware.com/mailman/listinfo/security-announce
Posljednje sigurnosne preporuke