===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0714
   VMware Workstation and Fusion updates address out-of-bounds memory
                          access vulnerability
                               17 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Workstation
                   VMware Fusion
Publisher:         VMware
Operating System:  Windows
                   Linux variants
                   Virtualisation
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-4901

Original Bulletin:
   http://www.vmware.com/security/advisories/VMSA-2017-0005.html

--------------------------BEGIN INCLUDED TEXT--------------------

VMSA-2017-0005
VMware Workstation and Fusion updates address out-of-bounds memory access
vulnerability

VMware Security Advisory

Advisory ID: VMSA-2017-0005
Severity:    Critical
Synopsis:    VMware Workstation and Fusion updates address critical
             out-of-bounds memory access vulnerability
Issue date:  2017-03-14
Updated on:  2017-03-14 (Initial Advisory)
CVE numbers: CVE-2017-4901

1. Summary

   VMware Workstation and Fusion updates address critical out-of-bounds
   memory access vulnerability.

2. Relevant Products

   VMware Workstation Pro / Player
   VMware Fusion Pro / Fusion

3. Problem Description

   a. VMware Workstation and Fusion out-of-bounds memory access vulnerability

   The drag-and-drop (DnD) function in VMware Workstation and Fusion has an
   out-of-bounds memory access vulnerability. This may allow a guest to
   execute code on the operating system that runs Workstation or Fusion.

   Workaround

   On Workstation Pro and Fusion, the issue cannot be exploited if both the
   drag-and-drop function and the copy-and-paste (C&P) function are
   disabled. Refer to the Reference section for documentation on how to
   disable these functions.

   This workaround is not available on Workstation Player.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2017-4901 to this issue.

   Column 5 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.

   VMware      Product  Running   Severity  Replace with/  Mitigation/
   Product     Version  on                  Apply Patch    Workaround
   =========== =======  ========  ========  =============  ===========
   Workstation 12.x     Any       Critical  12.5.4         Disable DnD
   Pro                                                     and C&P

   Workstation 12.x     Any       Critical  12.5.4         None
   Player

   Fusion Pro, 8.x      Mac OS X  Critical  8.5.5          Disable DnD
   Fusion                                                  and C&P

   ESXi        Any      ESXi      N/A       Not affected   N/A

4. Solution

   Please review the patch/release notes for your product and version and
   verify the checksum of your downloaded file.

   VMware Workstation Pro 12.5.4
   Downloads and Documentation
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Workstation Player 12.5.4
   Downloads and Documentation
   https://www.vmware.com/go/downloadplayer
   https://www.vmware.com/support/pubs/player_pubs.html

   VMware Fusion Pro / Fusion 8.5.5
   Downloads and Documentation
   https://www.vmware.com/go/downloadfusion
   https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4901

   Workaround documentation

   Workstation Pro
   Disabling drag-and-drop and copy-and-paste functionality, page 81 and 82
   http://pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstation-pro-12-user-guide.pdf

   Fusion
   Disabling drag-and-drop and copy-and-paste functionality, page 135
   http://pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-guide.pdf

6. Change log

   2017-03-14 VMSA-2017-0005
   Initial security advisory in conjunction with the release of VMware
   Workstation Pro/Player 12.5.4 and VMware Fusion Pro, Fusion 8.5.5 on
   2017-03-14
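The workaround in section 3 above is only effective when both DnD and C&P are off for a VM. The following audit script is an added example, not part of the advisory or VMware's own tooling; it assumes the per-VM isolation.tools.* keys in the .vmx file (VMware's documented settings, which the advisory only references via the user guide) and runs over constructed sample configs.

```python
"""Audit .vmx configs for the VMSA-2017-0005 workaround: drag-and-drop
(DnD) and copy-and-paste (C&P) must both be disabled per VM.

Assumption: the isolation.tools.* keys below are the documented VMware
per-VM settings; the advisory itself only points at the user guide."""
import re

# All three must be TRUE for the workaround to be in effect.
REQUIRED_TRUE = (
    "isolation.tools.dnd.disable",    # drag-and-drop in either direction
    "isolation.tools.copy.disable",   # copy from guest
    "isolation.tools.paste.disable",  # paste into guest
)

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict (VMX keys are case-insensitive)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def missing_workaround(settings):
    """Keys that are absent or not TRUE; an empty list means mitigated."""
    return [k for k in REQUIRED_TRUE if settings.get(k, "").upper() != "TRUE"]


def audit(vmx_files):
    """Map VM config name -> keys still allowing DnD/C&P."""
    return {name: missing_workaround(parse_vmx(text))
            for name, text in vmx_files.items()}


# Constructed sample .vmx fragments (not real VM configs).
SAMPLES = {
    "hardened.vmx": ('displayName = "analysis-box"\n'
                     'isolation.tools.dnd.disable = "TRUE"\n'
                     'isolation.tools.copy.disable = "true"\n'
                     'isolation.tools.paste.disable = "TRUE"\n'),
    "partial.vmx": ('displayName = "dev-vm"\n'
                    'isolation.tools.dnd.disable = "TRUE"\n'),  # C&P still on
    "default.vmx": 'displayName = "default-vm"\n',              # nothing set
}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLES).items():
        print(name, "OK" if not gaps else "EXPOSED: " + ", ".join(gaps))
```

Point it at the .vmx files of every VM on a Workstation Pro or Fusion host; any "EXPOSED" result means the host still needs the 12.5.4 / 8.5.5 update rather than relying on the workaround.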
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================