Objavljena je revizija sigurnosnog upozorenja oznake VMSA-2012-0009 izdanog 3. svibnja 2012. godine. Izvorna preporuka upozoravala je na ranjivost otkrivenu u više inačica paketa VMware Workstation, Player, ESXi i ESX. Zlonamjernom korisniku spomenuta ranjivost omogućuje izvođenje DoS napada rušenjem VMX procesa ili potencijalno izvršavanje programskog koda.
| Paket: | VMware ESX Server 3.x, VMware ESX Server 4.x, VMware ESXi 3.x, VMware ESXi 4.x, VMware ESXi 5.x, VMware Fusion 3.x, VMware Player 3.x, VMware Workstation 7.x |
| Operacijski sustavi: | VMware ESX Server 3.x, VMware ESX Server 4.x, VMware ESXi 3.x, VMware ESXi 4.x, VMware ESXi 5.x |
| Kritičnost: | 9 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | lokalno/udaljeno |
| Posljedica: | proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450 |
| Izvorni ID preporuke: | VMSA-2012-0009.2 |
| Izvor: | VMware |
| Problem: | |
| Ranjivosti su uzrokovane greškom u upravljaču za RPC naredbe, greškom kod upravljanja NFS prometom, nepravilnom konfiguracijom virtual floppy diska i SCSI uređaja. Revizija je izdana radi dodavanja informacija vezanih uz zakrpe za Workstation 7 i Fusion 4. |
|
| Posljedica: | |
| Propust je moguće iskoristiti za DoS napad rušenjem VMX procesa ili potencijalno izvršavanje programskog koda. |
|
| Rješenje: | |
| Svim se korisnicima savjetuje primjena nadogradnje. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0009.2
Synopsis: VMware Workstation, Player, Fusion, ESXi and ESX patches
address critical security issues
Issue date: 2012-05-03
Updated on: 2012-06-13
CVE numbers: CVE-2012-1516, CVE-2012-1517, CVE-2012-2448,CVE-2012-2449,
CVE-2012-2450
-----------------------------------------------------------------------
1. Summary
VMware Workstation, Player, Fusion, ESXi and ESX patches address
critical security issues
2. Relevant releases
Workstation 8.0.2
Workstation 7.1.5
Player 4.0.2
Player 3.1.5
Fusion 4.1.2
ESXi 5.0 without patch ESXi500-201205401-SG
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG,
ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG,
ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG
3. Problem Description
a. VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is
possible to manipulate data pointers within the VMX process.
This vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host.
Workaround
- Configure virtual machines to use less than 4 GB of memory.
Virtual machines that have less than 4GB of memory are not
affected.
OR
- Disable VIX messages from each guest VM by editing the
configuration file (.vmx) for the virtual machine as described
in VMware Knowledge Base article 1714. Add the following line:
isolation.tools.vixMessage.disable = "TRUE".
Note: This workaround is not valid for Workstation 7.x and
Fusion 3.x
Mitigation
- Do not allow untrusted users access to your virtual machines.
Root or Administrator level permissions are not required to
exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1516 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any not affected
Workstation 7.x any 7.1.6 or later
Player 4.x any not affected
Player 3.x any 3.1.6 or later
Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi not affected
ESXi 4.1 ESXi ESXi410-201110201-SG
ESXi 4.0 ESXi ESXi400-201105201-UG
ESXi 3.5 ESXi ESXe350-201205401-I-SG
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201105201-UG
ESX 3.5 ESX ESX350-201205401-SG
b. VMware host memory overwrite vulnerability (function pointers)
Due to a flaw in the handler function for RPC commands, it is
possible to manipulate function pointers within the VMX process.
This vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host.
Workaround
- None identified
Mitigation
- Do not allow untrusted users access to your virtual machines.
Root or Administrator level permissions are not required to
exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1517 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any not affected
Workstation 7.x any 7.1.6 or later
Player 4.x any not affected
Player 3.x any 3.1.6 or later
Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi not affected
ESXi 4.1 ESXi ESXi410-201201401-SG
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
c. ESX NFS traffic parsing vulnerability
Due to a flaw in the handling of NFS traffic, it is possible to
overwrite memory. This vulnerability may allow a user with
access to the network to execute code on the ESXi/ESX host
without authentication. The issue is not present in cases where
there is no NFS traffic.
Workaround
- None identified
Mitigation
- Connect only to trusted NFS servers
- Segregate the NFS network
- Harden your NFS server
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-2448 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter any Windows not affected
Workstation any any not affected
Player any any not affected
Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi ESXi500-201205401-SG
ESXi 4.1 ESXi ESXi410-201205401-SG
ESXi 4.0 ESXi ESXi400-201205401-SG
ESXi 3.5 ESXi ESXe350-201205401-I-SG
ESX 4.1 ESX ESX410-201205401-SG
ESX 4.0 ESX ESX400-201205401-SG
ESX 3.5 ESX ESX350-201205401-SG
d. VMware floppy device out-of-bounds memory write
Due to a flaw in the virtual floppy configuration it is possible
to perform an out-of-bounds memory write. This vulnerability may
allow a guest user to crash the VMX process or potentially
execute code on the host.
Workaround
- Remove the virtual floppy drive from the list of virtual IO
devices. The VMware hardening guides recommend removing unused
virtual IO devices in general.
Mitigation
- Do not allow untrusted root users in your virtual
machines. Root or Administrator level permissions are required
to exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-2449 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any 8.0.3 or later
Workstation 7.x any 7.1.6 or later
Player 4.x any 4.0.3 or later
Player 3.x any 3.1.6 or later
Fusion 4.x Mac OS/X 4.1.3 or later
ESXi 5.0 ESXi ESXi500-201205401-SG
ESXi 4.1 ESXi ESXi410-201205401-SG
ESXi 4.0 ESXi ESXi400-201205401-SG
ESXi 3.5 ESXi ESXe350-201205401-I-SG
ESX 4.1 ESX ESX410-201205401-SG
ESX 4.0 ESX ESX400-201205401-SG
ESX 3.5 ESX ESX350-201205401-SG
e. VMware SCSI device unchecked memory write
Due to a flaw in the SCSI device registration it is possible to
perform an unchecked write into memory. This vulnerability may
allow a guest user to crash the VMX process or potentially
execute code on the host.
Workaround
- Remove the virtual SCSI controller from the list of virtual IO
devices. The VMware hardening guides recommend removing unused
virtual IO devices in general.
Mitigation
- Do not allow untrusted root users access to your virtual
machines. Root or Administrator level permissions are
required to exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-2450 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any 8.0.3 or later
Workstation 7.x any 7.1.6 or later
Player 4.x any 4.0.3 or later
Player 3.x any 3.1.6 or later
Fusion 4.x Mac OS/X 4.1.2 or later
ESXi 5.0 ESXi ESXi500-201205401-SG
ESXi 4.1 ESXi ESXi410-201205401-SG
ESXi 4.0 ESXi ESXi400-201205401-SG
ESXi 3.5 ESXi ESXe350-201205401-I-SG
ESX 4.1 ESX ESX410-201205401-SG
ESX 4.0 ESX ESX400-201205401-SG
ESX 3.5 ESX ESX350-201205401-SG
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
Workstation 8.0.3
-----------------
http://www.vmware.com/go/downloadworkstation
Release notes:
https://www.vmware.com/support/ws80/doc/releasenotes_workstation_803.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: c8cabe876ab629f27e47cea02f0d4def
sha1sum: 815c2b2b9b0e5fd089ed19da15a272671eb405bd
VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 968c0785ddb96058e808117730d7c3ad
sha1sum: 08ac903c012ef887bf45b3f9f83a4d3200fe25d1
VMware Workstation for Linux 64-bit with VMware Tools
md5sum: aa9ce2d953f21f9d902de00ffd2fcb5c
sha1sum: b8d189b6717d49abc49401fc4ad50b187ff2e813
Workstation 7.1.6
-----------------
http://www.vmware.com/go/downloadworkstation
Release notes:
https://www.vmware.com/support/ws71/doc/releasenotes_ws716.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: f7856421babd716dace2f0250ae271f7
sha1sum: 9eaf4b17afec36b8a166bad81be851bd8cfda709
VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 18cc162a88d66a78a0114550517cd42d
sha1sum: 5a1ea9c841a2f45c2e2ed07a30b01c18c85f2133
VMware Workstation for Linux 64-bit with VMware Tools
md5sum: c11e4e162fc128cbfe629c8fb60ea733
sha1sum: 627698ac32d039bcafc117f0fb71d7e666ac0c2e
Player 4.0.3
------------
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player40/doc/releasenotes_player403.html
VMware Player for Windows 32-bit and 64-bit
md5sum: f2259a257a5099cdce5e1ce76512f599
sha1sum: 96badcaac81e1dfeaaac49d1a5bb6b1e13956266
VMware Player for Linux 32-bit
md5sum: 4012e897a77a1c69dd18fbcdde6cf269
sha1sum: 1c00cde50dc6c651393c85db6449010cf552c3eb
VMware Player for Linux 64-bit
md5sum: 857edd0695b3b31713f9ea1b0a65f2b6
sha1sum: 83c4365f4b43713e8cee13998c394331990a0fd3
Player 3.1.6
------------
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player31/doc/releasenotes_player316.html
VMware Player for Windows 32-bit and 64-bit
md5sum: 258ca5ac40efa389b0bb221191dbdd65
sha1sum: 691beccb590b7bc34461f78946d752288f2ef4e7
VMware Player for Linux 32-bit
md5sum: 9ed2d89816523ba030f8877c3fb935b9
sha1sum: a16a91dddb6081be314ef5d84708d37fabdd859c
VMware Player for Linux 64-bit
md5sum: d0715a06775c0f92b9d23e031e4af1c6
sha1sum: 5033c1bfecb309b96399410e614c41452c49e8e8
Fusion 4.1.3
------------
http://www.vmware.com/go/downloadfusion
Release Notes:
http://www.vmware.com/support/fusion4/doc/releasenotes_fusion_413.html
VMware Fusion (for Intel-based Macs)
md5sum: 1581b2f1cc0e28f9980c48bab59072bd
sha1sum: f2f58d0b3bfa405c4e6d9f61d51e0d689f8ed34c
ESXi and ESX
------------
http://downloads.vmware.com/go/selfsupport-download
Note: In case multiple patches are listed below, the most recent
patch is listed on top. The most recent patch includes fixes for
the issues that are addressed in the older patches.
ESXi 5.0
--------
ESXi500-201205001
md5sum: 4a1de58656980271d79a32107cba75cf
sha1sum: 5f23b318df3476002877c37f2970093dc2217d75
http://kb.vmware.com/kb/2019857
ESXi500-201205001 contains ESXi500-201205401-SG
ESXi 4.1
--------
ESXi410-201205001
md5sum: 5a37d83fc2a96483c94b3087387b3e9c
sha1sum: 9999f578163ffc9ada809e985a6e5d42b83e2be6
http://kb.vmware.com/kb/2019860
ESXi410-201205001 contains ESXi410-201205401-SG
ESXi410-201201001
md5sum: bdf86f10a973346e26c9c2cd4c424e88
sha1sum: cc0b92869a9aae4f5e0e5b81bee109bcd7da780f
http://kb.vmware.com/kb/2009137
ESXi410-201201001 contains ESXi410-201201401-SG
update-from-esxi4.1-4.1_update02
md5sum:57e34b500ce543d778f230da1d44e412
sha1sum:52f4378e2f1a29c908493182ccbde91d58b4112f
http://kb.vmware.com/kb/2002338
update-from-esxi4.1-4.1_update02 contains ESXi410-201110201-SG
ESXi 4.0
--------
ESXi400-201205001
md5sum: 96808908b8ff82460a6cbd9b4c501dd4
sha1sum: df0256c4ff71f4e7af507e956a496390c7a84597
http://kb.vmware.com/kb/2019855
ESXi400-201205001 contains ESXi400-201205401-SG
update-from-esxi4.0-4.0_update03
md5sum: 01bb395825b55b21ec5ea9a5e2ec2c4b
sha1sum: ca49bbf154278568a71caf1a5288ac9239dfaf7f
http://kb.vmware.com/kb/1031736
update-from-esxi4.0-4.0_update03 contains ESXi400-201105201-UG
ESXi 3.5
--------
ESXe350-201205401-O-SG
md5sum: e2f017e7ef9a1c0ed5e70dbc97ec62d3
sha1sum: 8dab4731acd4e257cc1701aa0a88373727a9e3ae
http://kb.vmware.com/kb/2019538
ESXe350-201205401-O-SG contains ESXe350-201205401-I-SG
ESX 4.1
-------
ESX410-201205001
md5sum: 0445d053cacee38338b6cc57efae093b
sha1sum: 40720a3be86dd3c9e0bed29c95e0f0a4e34e4cce
http://kb.vmware.com/kb/2019859
ESX410-201205001 contains ESX410-201205401-SG
ESX410-201201001
md5sum: 16df9acd3e74bcabc2494bc23ad0927f
sha1sum: 1066ae1436e1a75ba3d541ab65296cfb9ab7a5cc
http://kb.vmware.com/kb/2009080
ESX410-201201001 contains ESX410-201201401-SG
update-from-esx4.1-4.1_update02
md5sum: 96189a6de3797e28b153f89e01d5a15b
sha1sum: b1823d39d0e4536a421fb933f02380bae7ee7a5d
http://kb.vmware.com/kb/2002337
update-from-esx4.1-4.1_update02 contains ESX410-201110201-SG
ESX 4.0
-------
ESX400-201205001
md5sum: ff0451d353916cc5aebdabf15f4941cc
sha1sum: 8485bc41f23e214940e2b618958293ef74eb425f
http://kb.vmware.com/kb/2019853
ESX400-201205001 contains ESX400-201205401-SG
update-from-esx4.0-4.0_update03
md5sum: 329b08d80d56b0965b84251c552970ba
sha1sum: 2e7285d0cbfd666ab9d745a76f639eccb55c1b2a
http://kb.vmware.com/kb/1031732
update-from-esx4.0-4.0_update03 contains ESX400-201105201-UG
ESX 3.5
-------
ESX350-201205401-SG
md5sum: e7d519fccf34a9bd9ff73cbef9247e31
sha1sum: b5a1a50bf116fb900768a8882bc77adb93b3a182
http://kb.vmware.com/kb/2019535
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2450
-----------------------------------------------------------------------
6. Change log
2012-05-03 VMSA-2012-0009
Initial security advisory in conjunction with the release of
Workstation 8.0.3, Player 4.0.3 and patches for ESXi and ESX 3.5,
4.0, 4.1 and 5.0 on 2012-05-03.
2012-05-08 VMSA-2012-0009.1
Added another workaround to section 3.a on 2012-05-08.
2012-06-13 VMSA-2012-0009.2
Updated Relevant Releases, Problem Description, and Solution
sections to include information regarding updates for Workstation 7
and Fusion 4 in conjunction with the release of Workstation 7.1.6 and
Fusion 4.1.3 on 2012-06-13.
-----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFP2W0FDEcm8Vbi9kMRAtpDAJ9la8N6q9ZoKQK6wh+wRBfal63huQCgng8S
baaEMu5btbJqLzu0nGLMbAQ=
=5uG0
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.vmware.com/mailman/listinfo/security-announce
Posljednje sigurnosne preporuke