-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0229 -- [VMware ESX]
VMware ESX server security updates
5 April 2007

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           VMware ESX 3.0.1 without patches ESX-2559638,
                   ESX-1161870, ESX-3416571, ESX-5011126, ESX-7737432,
                   ESX-7780490, ESX-8174018, ESX-8852210, ESX-9617902,
                   ESX-9916286
                   VMware ESX 3.0.0 without patches ESX-1121906,
                   ESX-131737, ESX-1870154, ESX-392718, ESX-4197945,
                   ESX-4921691, ESX-5752668, ESX-7052426, ESX-3616065
Publisher:         VMware
Operating System:  VMware ESX Server
Impact:            Execute Arbitrary Code/Commands
                   Overwrite Arbitrary Files
                   Inappropriate Access
                   Denial of Service
Access:            Existing Account
CVE Names:         CVE-2007-1271 CVE-2007-1270 CVE-2006-4810
                   CVE-2005-3011 CVE-2005-2096 CVE-2005-1849
                   CVE-2005-1704 CVE-2003-0107

Comment: VMware has not disclosed whether these vulnerabilities
         (CVE-2007-1271 and CVE-2007-1270) are remotely exploitable.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------
VMware Security Advisory

Advisory ID:  VMSA-2007-0003
Synopsis:     VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date:   2007-04-02
Updated on:   2007-04-02
CVE numbers:  CVE-2005-3011 CVE-2006-4810 CVE-2007-1270 CVE-2007-1271
              CVE-2005-2096 CVE-2005-1849 CVE-2003-0107 CVE-2005-1704
- - -------------------------------------------------------------------

1. Summary:

ESX 3.0.1 and 3.0.0 patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patches ESX-2559638, ESX-1161870, ESX-3416571,
ESX-5011126, ESX-7737432, ESX-7780490, ESX-8174018, ESX-8852210,
ESX-9617902, ESX-9916286

VMware ESX 3.0.0 without patches ESX-1121906, ESX-131737, ESX-1870154,
ESX-392718, ESX-4197945, ESX-4921691, ESX-5752668, ESX-7052426,
ESX-3616065

3. Problem description:

Problems addressed by these patches:

a. texinfo service console update

   Updated texinfo packages for the service console that fix two
   security vulnerabilities are now available.

   A buffer overflow in the texinfo program could allow a local user
   to execute arbitrary code in the service console via a crafted
   texinfo file. texinfo could also allow a local user to overwrite
   arbitrary files via a symlink attack on temporary files.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2005-3011 and CVE-2006-4810 to these
   issues.

   ESX 301 Download Patch ESX-2559638
   ESX 300 Download Patch ESX-1121906

b. This bundle is a group of patches to resolve two possible security
   issues. They are as follows:

   A VMware internal security audit revealed a double free condition.
   It may be possible for an attacker to influence the operation of
   the system. In most circumstances, this influence will be limited
   to denial of service or information leakage, but it is
   theoretically possible for an attacker to insert arbitrary code
   into a running program. This code would be executed with the
   permissions of the vulnerable program. There are no known exploits
   for this issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1270 to this issue.

   A VMware internal security audit revealed a potential buffer
   overflow condition. There are no known vulnerabilities, but such
   vulnerabilities may be used to elevate privileges or to crash the
   application and thus cause a denial of service.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-1271 to this issue.

   The following patches are contained within this bundle:

   ESX 301        ESX 300
   -------        --------
   ESX-1161870    ESX-131737
   ESX-3416571    ESX-1870154
   ESX-5011126    ESX-392718
   ESX-7737432    ESX-4197945
   ESX-7780490    ESX-4921691
   ESX-8174018    ESX-5752668
   ESX-8852210    ESX-7052426
   ESX-9617902    ESX-9976400

   ESX 301 Download Patch Bundle ESX-6431040
   ESX 300 Download Patch Bundle ESX-5754280

c. This patch updates internally used zlib libraries in order to
   address potential security issues with older versions of this
   library.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2005-2096, CVE-2005-1849, CVE-2003-0107
   to these issues.

   ESX 301 Download Patch ESX-9916286
   ESX 300 Download Patch ESX-3616065

d. binutils service console update

   NOTE: This vulnerability and update only apply to ESX 3.0.0.

   An integer overflow in the Binary File Descriptor (BFD) library for
   the GNU Debugger before version 6.3, binutils, elfutils, and
   possibly other packages, allows user-assisted attackers to execute
   arbitrary code via a crafted object file that specifies a large
   number of section headers, leading to a heap-based buffer overflow.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2005-1704 to this issue.

   ESX 300 Download Patch ESX-55052

4. Solution:

Please review the Patch notes for your version of ESX and verify the
md5sum of your downloaded file.

ESX 3.0.1

http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
md5sum 9ee9d9769dfe2668aa6a4be2df284ea6

http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
md5sum ef6bc745b3d556e0736fd39b8ddc8087

http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
md5sum 7b98cfe1b2e0613c368d4080dcacccb8

ESX 3.0.0

http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
md5sum 8d45e36ec997707ebe68d84841026fef

http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
md5sum 02c5bcccea156dd0db93177e5e3fab8b

http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
md5sum 90e4face2edaab07080531a37a49ec01

http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
md5sum 82b3c7e18dd1422f30c4aa9e477c6a27

5. References:

ESX 3.0.1

Patch URL: http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
Patch URL: http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
Patch URL: http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
Knowledge base URL: http://kb.vmware.com/kb/2559638
Knowledge base URL: http://kb.vmware.com/kb/6431040
Knowledge base URL: http://kb.vmware.com/kb/9916286

ESX 3.0.0

Patch URL: http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
Patch URL: http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
Patch URL: http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
Patch URL: http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
Knowledge base URL: http://kb.vmware.com/kb/55052
Knowledge base URL: http://kb.vmware.com/kb/1121906
Knowledge base URL: http://kb.vmware.com/kb/3616065
Knowledge base URL: http://kb.vmware.com/kb/55052

CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGFAiH6KjQhy2pPmkRCDhvAJ9IdzXG4Ino7NGYPnRvW5ZLFMdhRgCgk1Rr
bGpwMyFZk0OMLWyA/L8PODQ=
=MjIU
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need
further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or
attacked in any way, we encourage you to let us know by completing the
secure National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRhR+ayh9+71yA2DNAQIDwgP9HHh562+Kw91WftvDbe4xjmWQaYB8mo+q
hO6ChzG4bjDbQM2JNWRXiSydGbO6C0wzZ2uVzWaScVmMFmr5dfeETZy7ysD+zI9D
Qwtl/ArEAsst0DZo2fZwnmce5rbFjRPM+SpjseV+YpjGtNu4LKV5Cr5wtBLSf5BK
ffuWoevX63M=
=DzjB
-----END PGP SIGNATURE-----
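
Section 4 of the advisory asks you to verify the md5sum of each downloaded patch. The script below is an added example, not part of the VMware or AusCERT text. It checks a file against the digests listed in that section and refuses patch IDs the advisory does not list. The function names are hypothetical, the advisory does not give the download file names (pass whatever path you saved the patch to), and the `md5sum` utility is assumed to be present.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded ESX patch
# against the md5sum values listed in section 4 of VMSA-2007-0003.

# Map a patch ID to the digest published in the advisory; fail if unlisted.
expected_md5() {
    case "$1" in
        ESX-2559638) echo 9ee9d9769dfe2668aa6a4be2df284ea6 ;;
        ESX-6431040) echo ef6bc745b3d556e0736fd39b8ddc8087 ;;
        ESX-9916286) echo 7b98cfe1b2e0613c368d4080dcacccb8 ;;
        ESX-55052)   echo 8d45e36ec997707ebe68d84841026fef ;;
        ESX-1121906) echo 02c5bcccea156dd0db93177e5e3fab8b ;;
        ESX-3616065) echo 90e4face2edaab07080531a37a49ec01 ;;
        ESX-5754280) echo 82b3c7e18dd1422f30c4aa9e477c6a27 ;;
        *) return 1 ;;
    esac
}

# check_md5 FILE HEX: compare FILE's MD5 with HEX (case-insensitive).
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
check_md5() {
    want_lc=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$1" ] || return 2
    got=$(md5sum < "$1" | cut -d' ' -f1)
    [ "$got" = "$want_lc" ]
}

# verify_patch FILE PATCH-ID
# Returns 0 verified, 1 mismatch, 2 unreadable file, 3 ID not in advisory.
verify_patch() {
    want=$(expected_md5 "$2") || {
        echo "$2: not listed in VMSA-2007-0003" >&2; return 3
    }
    rc=0
    check_md5 "$1" "$want" || rc=$?
    case $rc in
        0) echo "$1: OK ($2)" ;;
        1) echo "$1: MD5 mismatch for $2, do not install" >&2 ;;
        2) echo "$1: cannot read file" >&2 ;;
    esac
    return $rc
}

# Run as: script FILE PATCH-ID
if [ "$#" -eq 2 ]; then
    verify_patch "$1" "$2"
fi
```

The exit status lets the check gate an install step in a larger patching script: anything other than 0 means the file should not be applied.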