-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0714
        VMware Workstation and Fusion updates address out-of-bounds
           memory access vulnerability VMware Security Advisory
                               17 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Workstation
                   VMware Fusion
Publisher:         VMware
Operating System:  Windows
                   Linux variants
                   Virtualisation
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-4901  

Original Bulletin: 
   http://www.vmware.com/security/advisories/VMSA-2017-0005.html

- --------------------------BEGIN INCLUDED TEXT--------------------

VMSA-2017-0005

VMware Workstation and Fusion updates address out-of-bounds memory access
vulnerability

VMware Security Advisory

Advisory ID: VMSA-2017-0005

Severity: Critical

Synopsis: VMware Workstation and Fusion updates address a critical out-of-bounds
memory access vulnerability

Issue date: 2017-03-14

Updated on: 2017-03-14 (Initial Advisory)

CVE numbers: CVE-2017-4901

1. Summary

VMware Workstation and Fusion updates address a critical out-of-bounds
memory access vulnerability.

2. Relevant Products

VMware Workstation Pro / Player
VMware Fusion Pro / Fusion

3. Problem Description

a. VMware Workstation and Fusion out-of-bounds memory access vulnerability

The drag-and-drop (DnD) function in VMware Workstation and Fusion has an 
out-of-bounds memory access vulnerability. This may allow a guest to execute 
code on the operating system that runs Workstation or Fusion.

Workaround

On Workstation Pro and Fusion, the issue cannot be exploited if both the
drag-and-drop function and the copy-and-paste (C&P) function are disabled.
Refer to the References section for documentation on how to disable these
functions. This workaround is not available on Workstation Player.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the identifier CVE-2017-4901 to this issue.

Column 5 of the following table lists the action required to remediate the 
vulnerability in each release, if a solution is available.

   VMware Product      Product  Running   Severity  Replace with/  Mitigation/
                       Version  on                  Apply Patch    Workaround
   ==================  =======  ========  ========  =============  ===================
   Workstation Pro     12.x     Any       Critical  12.5.4         Disable DnD and C&P
   Workstation Player  12.x     Any       Critical  12.5.4         None
   Fusion Pro, Fusion  8.x      Mac OS X  Critical  8.5.5          Disable DnD and C&P
   ESXi                Any      ESXi      N/A       Not affected   N/A
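As an added example (not part of the VMware advisory or the AusCERT bulletin), the following Python helper turns the remediation table above and the workaround in section 3a into a check that can be run across a host and VM inventory: it compares an installed Workstation or Fusion version against the fixed release for its product line, and, where the host is not yet patched, parses the guest's .vmx file to confirm that drag-and-drop and copy-and-paste are both disabled. The .vmx option names isolation.tools.dnd.disable, isolation.tools.copy.disable and isolation.tools.paste.disable are VMware's per-VM isolation settings; the advisory does not spell them out (it points to the user guides), so they are assumed here. The version strings and .vmx fragments in the block are constructed samples, not data from any real system.

```python
"""Audit helper for VMSA-2017-0005 (CVE-2017-4901).

Added example, not part of the VMware advisory or the AusCERT bulletin.
Two checks a defender would run:
  1. Is the installed Workstation/Fusion build at or above the fixed release
     given in the advisory table (12.5.4 for Workstation, 8.5.5 for Fusion)?
  2. If not, is the documented workaround in place, i.e. are drag-and-drop
     and copy-and-paste disabled in the guest's .vmx configuration?

The .vmx keys below are VMware's per-VM isolation settings; they are assumed
here because the advisory itself only refers to the user guides.
"""
import re

# Fixed releases from the advisory table, keyed by (product, affected major line).
# The boolean records whether the advisory offers a workaround for that product.
FIXED_RELEASES = {
    ("Workstation Pro", "12"): ("12.5.4", True),
    ("Workstation Player", "12"): ("12.5.4", False),  # no workaround on Player
    ("Fusion", "8"): ("8.5.5", True),
}

# All three must be TRUE for the DnD/C&P workaround to count as applied.
WORKAROUND_KEYS = (
    "isolation.tools.dnd.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.paste.disable",
)


def parse_version(v):
    """'12.5.4' -> (12, 5, 4); tolerates a trailing build suffix such as
    '12.5.4 build-12345' (constructed example, not a real build number)."""
    digits = re.match(r"[\d.]+", v.strip()).group(0).strip(".")
    return tuple(int(x) for x in digits.split("."))


def parse_vmx(text):
    """Parse .vmx lines of the form key = "value" into a dict.
    Keys are lower-cased so lookups are case-insensitive; blank lines,
    comments and malformed lines are skipped rather than raising."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^([^=\s]+)\s*=\s*"?(.*?)"?\s*$', line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def workaround_applied(vmx_settings):
    """True only if every isolation key is present and set to TRUE.
    A missing key is treated as the feature being enabled (the default)."""
    return all(vmx_settings.get(k, "").strip().lower() == "true"
               for k in WORKAROUND_KEYS)


def assess(product, installed_version, vmx_text=None):
    """Classify one host/VM pair as 'patched', 'mitigated', 'vulnerable'
    or 'not_listed' (product line not covered by the advisory table)."""
    installed = parse_version(installed_version)
    entry = FIXED_RELEASES.get((product, str(installed[0])))
    if entry is None:
        return "not_listed"
    fixed, has_workaround = entry
    if installed >= parse_version(fixed):
        return "patched"
    if has_workaround and vmx_text is not None \
            and workaround_applied(parse_vmx(vmx_text)):
        return "mitigated"
    return "vulnerable"


# Constructed sample .vmx fragments (not taken from any real VM).
VMX_HARDENED = '''\
.encoding = "UTF-8"
config.version = "8"
displayName = "sample-guest"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
'''
# Only two of the three features disabled: the workaround is incomplete.
VMX_PARTIAL = VMX_HARDENED.replace('isolation.tools.paste.disable = "TRUE"',
                                   'isolation.tools.paste.disable = "FALSE"')

if __name__ == "__main__":
    # Constructed inventory entries; versions are illustrative only.
    for args in [
        ("Workstation Pro", "12.5.4 build-12345", None),
        ("Workstation Pro", "12.5.2", VMX_HARDENED),
        ("Workstation Pro", "12.5.2", VMX_PARTIAL),
        ("Workstation Player", "12.5.2", VMX_HARDENED),
        ("Fusion", "8.5.3", None),
    ]:
        print(f"{args[0]:19} {args[1]:20} -> {assess(*args)}")
```

Note that a Player host with the isolation keys set still reports "vulnerable", matching the table's "None" in the workaround column, and that an unpatched host with only two of the three keys set is not counted as mitigated.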

4. Solution

Please review the patch/release notes for your product and version and verify
the checksum of your downloaded file.

VMware Workstation Pro 12.5.4 Downloads and Documentation 
https://www.vmware.com/go/downloadworkstation 
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.4 Downloads and Documentation 
https://www.vmware.com/go/downloadplayer 
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.5 Downloads and Documentation
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4901

Workaround documentation

Workstation Pro: Disabling drag-and-drop and copy-and-paste functionality,
pages 81 and 82

http://pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstation-pro-12-user-guide.pdf

Fusion: Disabling drag-and-drop and copy-and-paste functionality, page 135

http://pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-guide.pdf

6. Change log

2017-03-14 VMSA-2017-0005 Initial security advisory in conjunction with the 
release of VMware Workstation Pro/Player 12.5.4 and VMware Fusion Pro, Fusion
8.5.5 on 2017-03-14

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com

bugtraq@securityfocus.com

fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

VMware Security Advisories

http://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

Twitter

https://twitter.com/VMwareSRC

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----