Detalji

Objavljena je revizija sigurnosne preporuke oznake VMSA-2010-0017, prvotno objavljene 30. studenog 2010. U izvornoj je preporuci opisan je nedostatak vezan uz VMware ESX Server 4.x. Nedostatak je posljedica nepravilnosti u radu funkcije "compat_alloc_user_space()" u datoteci "include/asm/compat.h" na 64-bitnim platformama. Lokalni ga napadač može iskoristiti za stjecanje povećanih ovlasti. Revizija je objavljena zbog izdavanja nadogradnje za inačicu 4.0. Svim se korisnicima savjetuje njezina instalacija.

- ------------------------------------------------------------------------
                  VMware Security Advisory

Advisory ID:       VMSA-2010-0017.1
Synopsis:          VMware ESX third party update for Service Console
                  kernel
Issue date:        2010-11-29
Updated on:        2011-01-04
CVE numbers:       CVE-2010-3081
- ------------------------------------------------------------------------

1. Summary

  ESX Service Console OS (COS) kernel update.

2. Relevant releases

  VMware ESX 4.1 without patch ESX410-201011402-SG
  VMware ESX 4.0 without patch ESX400-201101401-SG

3. Problem Description

 a. Service Console OS update for COS kernel package.

   This patch updates the Service Console kernel to fix a stack
   pointer underflow issue in the 32-bit compatibility layer.

   Exploitation of this issue could allow a local user to gain
   additional privileges.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2010-3081 to this issue.

   Column 4 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware         Product   Running  Replace with/
   Product        Version   on       Apply Patch
   =============  ========  =======  =================
   VirtualCenter  any       Windows  not affected

   hosted *       any       any      not affected

   ESXi           any       ESXi     not affected

   ESX            4.1       ESX      ESX410-201011402-SG
   ESX            4.0       ESX      ESX400-201101401-SG **
   ESX            3.x       ESX      not applicable

 * hosted products are VMware Workstation, Player, ACE, Fusion.
 ** ESX 4.0 patch ESX400-201101401-SG also addresses the issues
   identified by CVE-2010-0415, CVE-2010-0307, CVE-2010-0291,
   CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088.
   These issues have been addressed for ESX 4.1 in an earlier ESX 4.1
   patch release, see VMSA-2010-0016.1 for details.

4. Solution

  Please review the patch/release notes for your product and version
  and verify the md5sum of your downloaded file.

  ESX 4.1
  -------
  ESX410-201011001
  Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-253-20101122-763
417/ESX410-201011001.zip
  md5sum: e73fd3302529c1d85d9cc47457dfb963
  sha1sum: c0e0eac907c04105791ac44e288e7d8076dc14e0
  http://kb.vmware.com/kb/1029400

  ESX410-201011001 contains the following security bulletins:
  ESX410-201011402-SG (COS kernel) | http://kb.vmware.com/kb/1029397

  ESX410-201011001 also contains the following non-security bulletins
  ESX410-201011401-BG

  To install an individual bulletin use esxupdate with the -b option.

  ESX 4.0
  -------
  ESX400-201101001
  Download link:

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-257-20101231-664
659/ESX400-201101001.zip
  md5sum: f1d522b380692e0845eb0dda480ab890
  sha1sum: 906989af3ddacc41321d685c4afe0d740856f9d5
  http://kb.vmware.com/kb/1029426

  ESX400-201101001 contains the following security bulletins:
     ESX400-201101401-SG (COS kernel) | http://kb.vmware.com/kb/1029424
     ESX400-201101405-SG (glibc)      | http://kb.vmware.com/kb/1029881
     ESX400-201101404-SG (sudo)       | http://kb.vmware.com/kb/1029421
     ESX400-201101402-SG (openldap)   | http://kb.vmware.com/kb/1029423

  ESX400-201101405-SG, ESX400-201101404-SG and ESX400-201101402-SG
  are documented in VMSA-2011-0001.

  To install an individual bulletin use esxupdate with the -b option.


5. References

  CVE numbers
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

- ------------------------------------------------------------------------

6. Change log

2010-11-29  VMSA-2010-0017
Initial security advisory after release of patches for ESX 4.1
on 2010-11-29
2011-01-04  VMSA-2010-0017.1
Updated security advisory in conjunction with the release of patches
for ESX 4.0 on 2011-01-04

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

 * security-announce at lists.vmware.com
 * bugtraq at securityfocus.com
 * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNJBJQS2KysvBH1xkRAj5eAJ9qF7sRzooi13kV9oGstDAZaWV3YwCeNIhm
UXENer7FAURMTG3nDWz9vno=
=fB+Q
-----END PGP SIGNATURE-----

Idi na vrh