Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.0861
VMware Workstation update addresses elevation of privilege issues
19 March 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware Workstation
Publisher: VMWare
Operating System: Linux variants
Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-5512 CVE-2019-5511
Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2019-0002.html
- --------------------------BEGIN INCLUDED TEXT--------------------
VMSA-2019-0002
VMware Workstation update addresses elevation of privilege issues
VMware Security Advisory Advisory ID: VMSA-2019-0002
VMware Security Advisory Severity: Important
VMware Security Advisory Synopsis: VMware Workstation update addresses
elevation of privilege issues.
VMware Security Advisory Issue date: 2019-03-14
VMware Security Advisory Updated on: 2018-03-14 (Initial Advisory)
VMware Security Advisory CVE numbers: CVE-2019-5511, CVE-2019-5512
1. Summary
VMware Workstation update addresses elevation of privilege issues.
2. Relevant Products
o VMware Workstation Pro / Player (Workstation)
3. Problem Description
a. The creation of the VMX process on a Windows host can be hijacked leading to
elevation of privilege.
Workstation does not handle paths appropriately. Successful exploitation of
this issue may allow the path to the VMX executable, on a Windows host, to be
hijacked by a non-administrator leading to elevation of privilege.
VMware would like to thank James Forshaw of Google Project Zero for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the identifier CVE-2019-5511 to this issue.
VMware Product Workstation
Product Version 15.x
Running on Windows
Severity Important
Replace with/ Apply Patch 15.0.3
Mitigation/ Workaround None
VMware Product Workstation
Product Version 15.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
VMware Product Workstation
Product Version 14.x
Running on Windows
Severity Important
Replace with/ Apply Patch 14.1.6
Mitigation/ Workaround None
VMware Product Workstation
Product Version 14.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
b. VMware Workstation COM classes used by the VMX process on a Windows host can
be hijacked leading to elevation of privilege.
COM classes are not handled appropriately. Successful exploitation of this
issue may allow hijacking of COM classes used by the VMX process, on a Windows
host, leading to elevation of privilege.
VMware would like to thank James Forshaw of Google Project Zero for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the identifier CVE-2019-5512 to this issue.
VMware Product Workstation
Product Version 15.x
Running on Windows
Severity Important
Replace with/ Apply Patch 15.0.3
Mitigation/ Workaround None
VMware Product Workstation
Product Version 15.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
VMware Product Workstation
Product Version 14.x
Running on Windows
Severity Important
Replace with/ Apply Patch 14.1.6
Mitigation/ Workaround None
VMware Product Workstation
Product Version 14.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
4. Solution
Please review the patch/release notes for your product and version and verify
the checksum of your downloaded file.
VMware Workstation Pro 14.1.6, 15.0.3
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 14.1.6, 15.0.3
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
5. References
https://cve.mitre.org/cgi-bin/cvename.cgi-name=CVE-2018-5511
https://cve.mitre.org/cgi-bin/cvename.cgi-name=CVE-2019-5512
6. Change log
2019-03-14: VMSA-2019-0002
Initial security advisory in conjunction with the release of VMware Workstation
14.1.6 and 15.0.3 on 2019-03-14.
7. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXJAwv2aOgq3Tt24GAQgbJxAAn2ZmsJDS6xYBbrSCzZyGr8uIWOklXq6a
aBmmlZ2lH0weVU8Q11JI7KPu67KsJwNgUZFMnPtCtjnIBnqO/vzHViOK//Mw7U2z
yYfkisvsWy5AQ6oQdK4MF3ZqNdfNpISd9kY+EQr+86Qksa5677xtu7QHromNYn0L
CxLWYdYBIfLQiFZhBkETJx3DM0qeQQmNCrj+CWD2hoUjdSux3qRoI9t105Kc9N+L
ki2MJ++48KWMVWiNuUzXtxoEs67ihfOsPsoIyvUkZ7Je7cogniREmTI05tgIU/Dz
06yJym8iHyy3tIlmtxX5FdV7YHLP4fsPcV9sOl53M2dNRmETxJOOLfxNhuCnhvTw
CKAfPvR2Vaz7wNd+nCrdhgFH+U8/e2yg0M/NAUlal7FyWWncMCoKIGPx6QQK0fNn
6f2TH+SAmDfKgpwEhWEot6adNMwT+PPi8wZphKsMaj+X9PrnHO96+Pdfm9GzPPIq
fg76FM7raU2V+BE7NXauKgsAGxhc7UwuEY+rogw2vxbkpOdEEV5jeHPaQIbps1uC
PA1yIj3G0xFMb9Bmmlvszobc3cxIQLjENasSMVQxm00e+OI0dH+qtf2YZtMMWE2c
sRnD1KGZ92fkTltBoVCH0FJyU6FGPfjIYqA29WOEYz+muGEkuY7iockyommXnBf7
JBvBR8UNEF0=
=P9pt
-----END PGP SIGNATURE-----