Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.0747 -- [VMware ESX] Updated ESX packages address several security issues 3 November 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: VMware ESX 3.5 VMware ESX 3.0.2 VMware ESX 3.0.1 VMware ESX 2.5.5 VMware ESX 2.5.4 Publisher: VMWare Operating System: VMWare ESX Server Impact: Execute Arbitrary Code/Commands Increased Privileges Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2008-1669 CVE-2008-1375 CVE-2008-1367 CVE-2008-1105 CVE-2008-0007 CVE-2007-6206 CVE-2007-6151 CVE-2007-5001 CVE-2006-4814 Ref: AL-2008.0064 ESB-2008.0470 Revision History: November 3 2008: Patches released for VMware ESX 2.5.5, ESX 2.5.4 September 1 2008: Patches released for VMware ESX 3.0.2, ESX 3.0.1 August 15 2008: Further patches released July 29 2008: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0011.3 Synopsis: Updated ESX service console packages for Samba and vmnix Issue date: 2008-07-28 Updated on: 2008-10-31 CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206 CVE-2008-0007 CVE-2008-1367 CVE-2008-1375 CVE-2008-1669 CVE-2006-4814 CVE-2008-1105 - - ------------------------------------------------------------------- 1. Summary: Updated ESX packages address several security issues. 2. Relevant releases: VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and ESX350-200806218-UG (samba) VMware ESX 3.0.2 without patch ESX-1006029 VMware ESX 3.0.1 without patch ESX-1006028 VMware ESX 2.5.5 before Upgrade Patch 10 VMware ESX 2.5.4 before Upgrade Patch 21 NOTE: Extended support (Security and Bug fixes) for ESX 3.0.2 ends on 10/29/2008 and Extended support for ESX 3.0.2 Update 1 ends on 8/8/2009. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. Extended Support (Security and Bug fixes) for ESX 3.0.1 has ended on 2008-07-31. The 3.0.1 patches are released in August because there was no patch release in July. 3. Problem description: I Service Console rpm updates a. Security Update to Service Console Kernel This fix upgrades service console kernel version to 2.4.21-57.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not applicable hosted any any not applicable ESXi 3.5 ESXi not applicable ESX 3.5 ESX patch ESX350-200806201-UG ESX 3.0.3 ESX not affected ESX 3.0.2 ESX affected, no update planned ESX 3.0.1 ESX affected, no update planned ESX 2.5.5 ESX not applicable ESX 2.5.4 ESX not applicable b. Samba Security Update This fix upgrades the service console rpm samba to version 3.0.9-1.3E.15vmw The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1105 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not applicable hosted any any not applicable ESXi 3.5 ESXi not applicable ESX 3.5 ESX patch ESX350-200806218-UG ESX 3.0.3 ESX not affected ESX 3.0.2 ESX patch ESX-1006029 ESX 3.0.1 ESX patch ESX-1006028 ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21 4. Solution: Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 3.5 (Samba) http://download3.vmware.com/software/esx/ESX350-200806218-UG.zip md5sum: dfad21860ba24a6322b36041c0bc2a07 http://kb.vmware.com/kb/1005931 ESX 3.5 (vmnix) http://download3.vmware.com/software/esx/ESX350-200806201-UG.zip md5sum: 2888192905a6763a069914fcd258d329 http://kb.vmware.com/kb/1005894 ESX 3.0.3 build 104629 ESX Server 3.0.3 CD image md5sum: c2cda9242c6981c7eba1004e8fc5626d Upgrade package from ESX Server 2.x to ESX Server 3.0.3 md5sum: 0ad8fa4707915139d8b2343afebeb92b Upgrade package from earlier releases of ESX Server 3 to ESX Server 3.0.3 md5sum: ff7f3dc12d34b474b231212bdf314113 release notes: http://www.vmware.com/support/vi3/doc/releasenotes_esx303.html ESX 3.0.2 patch ESX-1006029 http://download3.vmware.com/software/vi/ESX-1006029.tgz md5sum: 08b81541304a3a8a612679e6a50aaa6c http://kb.vmware.com/kb/1006029 ESX 3.0.1 patch ESX-1006028 http://download3.vmware.com/software/vi/ESX-1006028.tgz md5sum: 81e7e5771354340805ba6fb94ac7115a http://kb.vmware.com/kb/1006028 VMware ESX 2.5.5 Upgrade Patch 10 http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz md5sum: 2ee87cdd70b1ba84751e24c0bd8b4621 http://vmware.com/support/esx25/doc/esx-255-200810-patch.html VMware ESX 2.5.4 Upgrade Patch 21 http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz md5sum: d791be525c604c852a03dd7df0eabf35 http://vmware.com/support/esx25/doc/esx-254-200810-patch.html 5. References: CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 - - ------------------------------------------------------------------- 6. Change log: 2008-07-28 VMSA-2008-0011 Initial release 2008-08-12 VMSA-2008-0011.1 Added VMware ESX 3.0.3 released on 2008-08-08 2008-08-29 VMSA-2008-0011.2 Added VMware ESX 3.0.2, ESX 3.0.1 released on 2008-08-28 2008-10-31 VMSA-2008-0011.3 Added VMware ESX 2.5.4 and ESX 2.5.5 released on 2008-10-30 - - --------------------------------------------------------------------- 7. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. - -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFJCqcjS2KysvBH1xkRAsZiAJ9fwoiwAkri6gkCYsCs6t5ADonrdgCfW6cA qUNrVEVEzsEk+gJGB1yTFww= =UHej - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSQ5IUyh9+71yA2DNAQL2HgP/evZ4lV/nboM+FtQY1CiY9NWjMknd2zUy Z/IXmsZ39UK5NO4kQuBJvdRaJyNvC6oLz3cuzZABfwMxTf5iVwDmoikt3PhwbmgV ijT1PHLhABVIaAE24pcrg3SVwPiTV2MOk511g6EFHbveNO/Lh44KNA7DIlZNePuz bx3UfSLXu68= =C3SC -----END PGP SIGNATURE-----