copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
By Year
»
2011
» ESB-2011.0270.4 - UPDATE [VMware ESX] VMware ESX and...
ESB-2011.0270.4 - UPDATE [VMware ESX] VMware ESX and VMware ESXi: Multiple vulnerabilities
Date:
01 February 2012
References
:
ESB-2010.0598
ESB-2010.1051
ASB-2010.0244
ESB-2011.1114
ESB-2012.0109.3
Related Files:
ESB-2011.0270
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2011.0270.4 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm 1 February 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: VMware ESXi 4.1 VMware ESXi 4.0 VMware ESX 4.1 VMware ESX 4.0 Publisher: VMWare Operating System: VMWare ESX Server Impact/Access: Denial of Service -- Remote/Unauthenticated Root Compromise -- Existing Account Read-only Data Access -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2010-3853 CVE-2010-3762 CVE-2010-3614 CVE-2010-3613 CVE-2010-3609 CVE-2010-3435 CVE-2010-3316 CVE-2010-2059 Reference: ASB-2010.0244 ESB-2010.1051 ESB-2010.0598 Revision History: February 1 2012: Added reference to VMSA-2012-0001 for the updates to rpm, rpm-libs, rpm-python and popt in the patch release of ESX 4.1 on 2012-01-30 October 28 2011: Updated security advisory with the release of Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 April 29 2011: ESX 4.1 patches March 9 2011: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2011-0004.3 Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. Issue date: 2011-03-07 Updated on: 2012-01-30 CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762 CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 CVE-2010-2059 CVE-2010-3609 ----------------------------------------------------------------------- 1. Summary Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm. 2. Relevant releases VMware ESXi 4.1 without patch ESXi410-201101201-SG. VMware ESXi 4.0 without patch ESXi400-201103401-SG. VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG. VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG. 3. Problem Description a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-3609 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi ESXi400-201103401-SG ESXi 3.5 ESXi not applicable ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX ESX400-201103401-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. b. Service Console update for bind This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3613, CVE-2010-3614, and CVE-2010-3762 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201104407-SG ESX 4.0 ESX ESX400-201103407-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. c. Service Console update for pam This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3316, CVE-2010-3435, and CVE-2010-3853 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201110207-SG ESX 4.0 ESX ESX400-201103404-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. d. Service Console update for rpm, rpm-libs, rpm-python, and popt This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2059 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX refer to VMSA-2012-0001 ESX 4.0 ESX ESX400-201103406-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMWare ESXi 4.1 --------------- VMWare ESXi 4.1 Installable Update 1 http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_ 0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.ht ml http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. VMware ESX 4.1 -------------- ESX410-201104001 Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062 017/ESX410-201104001.zip md5sum: 757c3370ae63c75ef5b2178bd35a4ac3 sha1sum: 95cfdc08e0988b4a0c0c3ea1a1acc1c661979888 http://kb.vmware.com/kb/1035110 ESX410-201104001 contains ESX410-201104407-SG. VMware ESX 4.1 Update 2 Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v sphere/4_1 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4 File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESX 4.1 Update 2 contains ESX410-201110207-SG. VMware ESX 4.1 Update 1 http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_ 1 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.htm l http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. VMware ESXi 4.0 --------------- ESXi400-201103001 https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677 367/ESXi400-201103001.zip md5sum: a68ef31414573460cdadef4d81fb95d0 sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31 http://kb.vmware.com/kb/1032823 ESXi400-201103001 containes the following security bulletins: ESXi400-201103401-SG (openssl) | http://kb.vmware.com/kb/1032820 ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821 VMware ESX 4.0 -------------- ESX400-201103001 https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574 144/ESX400-201103001.zip md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8 sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b http://kb.vmware.com/kb/1032822 ESX400-201103001 containes the following security bulletins: ESX400-201103401-SG (SLPD, openssl, COS kernel) | http://kb.vmware.com/kb/1032814 ESX400-201103403-SG (JRE, Tomcat) | http://kb.vmware.com/kb/1032815 ESX400-201103404-SG (pam) | http://kb.vmware.com/kb/1032816 ESX400-201103405-SG (bzip2) | http://kb.vmware.com/kb/1032817 ESX400-201103406-SG (popt/rpm) | http://kb.vmware.com/kb/1032818 ESX400-201103407-SG (bind) | http://kb.vmware.com/kb/1032819 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609 ----------------------------------------------------------------------- 6. Change log 2011-03-07 VMSA-2011-0004 Initial security advisory in conjunction with the release of VMware ESX/ESXi 4.0 patches on 2011-03-07 2011-04-28 VMSA-2011-0004.1 Updated advisory after release of ESX 4.1 patches on 2011-04-28. 2011-10-27 VMSA-2011-0004.2 Updated security advisory with the release of Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. 2012-01-30 VMSA-2011-0004.3 Added reference to VMSA-2012-0001 for the updates to rpm, rpm-libs, rpm-python and popt in the patch release of ESX 4.1 on 2012-01-30. ---------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. - -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFPJ41GDEcm8Vbi9kMRAjRAAKDpJuBAQruPCQeFPYYWtGIYEZu+twCeKXr8 d0d7nag6nXIbZJP/MQrIbxU= =DxNR - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTyjjeO4yVqjM2NGpAQLRoA/+JQESiSbTfagCDz29FbtOcSQVLs2pFJ1Z 71o26j7tk9rX8GV06vwK4iiMmzb4xHLR8IQyAYuwy+voNxcYstWdQGZ2NmG5tXIU VDlBJsIu0RXaK57OCa4SGrnD92gSfj8FgnMgZGvL/HbJ7ljPi6LIHW4TSvLm4QvA PUtciZxCvw6KT65RP2RQbCuBD7ycwiblAj3tTb+gw5OoYpbBvHcEaOuQZFqdRbwh APD7E0gjG6ZCWXLeeXtPXprEnYff+opD8m2d9IRKzR09qpL2x5mjhLfaN66uwBFM 7wRgDiPLE77eHoRY5KYwwNLXUABC7oa2VQgWcGYZV0Fb8DgcNxE5zcH0sT9xpBRk R3n8l6T6LgT1z7RUGITRglkeoXl+Y5ZE8ZhW30JokTjAy3rkLlD2dimfSWyf+jb5 0roHc9f1Y4qv9dNKaHkHIdyvzK6sI+8goAXQvvD8UucIdx+lZt+bAdYssufKMX9A KammJAnQrpyeDVyte35t9quirzYJNYKdyiJ/e6Dp0gbh8SnmXRLVODKGsPFvNzcm jkJh0NC/jjOnlaLCgOI/uXviYA8dbagi8iYt9HndljWNwdDEYoHljW5p3Fvt3Nvc 2eALNeMfI7DN4hQSL+TuI9wvQgp1xQAyO5/oGEJCBqWpglN7oXbkhDloChS2+Sgu uon36z3QqMI= =0zV7 -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=13777&it=14078