ESB-2018.1574 - [Win][UNIX/Linux] VMware Workstation and VMware Fusion: Multiple vulnerabilities 2018-05-23


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1574
          VMware Workstation and Fusion updates address signature
           bypass and multiple denial-of-service vulnerabilities
                                23 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Workstation
                   VMware Fusion
Publisher:         VMware
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6962 CVE-2018-6963

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2018-0013.html

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0013
Severity:    Important
Synopsis:    VMware Workstation and Fusion updates address signature
             bypass and multiple denial-of-service vulnerabilities
Issue date:  2018-05-21
Updated on:  2018-05-21 (Initial Advisory)
CVE number:  CVE-2018-6962 and CVE-2018-6963

1. Summary

   VMware Workstation and Fusion updates address signature bypass and
   multiple denial-of-service vulnerabilities

2. Relevant Releases

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro, Fusion (Fusion)

3. Problem Description

   a. Fusion signature bypass vulnerability

   VMware Fusion contains a signature bypass vulnerability which may
   lead to a local privilege escalation.

   VMware would like to thank CodeColorist of AntFinancial LightYear
   Security Labs for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6962 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product Running            Replace with/      Mitigation/
   Product     Version on      Severity   Apply patch        Workaround
   =========== ======= ======= =========  =============      ==========
   Fusion      10.x    OS X    Important  10.1.2             None

   b. Workstation and Fusion multiple Denial-of-service vulnerabilities

   VMware Workstation and Fusion contain multiple denial-of-service
   vulnerabilities that occur due to NULL pointer dereference issues in
   the RPC handler. Successful exploitation of these issues may allow
   an attacker with limited privileges on the guest machine to trigger a
   denial of service of their guest machine.

   VMware would like to thank Hahna Latonick and Kevin Fujimoto working
   with Trend Micro's Zero Day Initiative, and Bruno Botelho (@utxsec)
   for individually reporting these issues to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6963 to these issues.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product Running            Replace with/      Mitigation/
   Product     Version on      Severity   Apply patch        Workaround
   =========== ======= ======= =========  =============      ==========
   Workstation 14.x    Any     Moderate   14.1.2             None
   Fusion      10.x    OS X    Moderate   10.1.2             None
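   An added example, not code from VMware or AusCERT: a Python check that
   compares an inventory of installed Workstation and Fusion versions against
   the affected branches and fixed releases in the two tables above (the
   hostnames, the sample versions and the build tag are constructed).

```python
# Added example (not part of the VMware/AusCERT bulletin): compare installed
# Workstation / Fusion versions against the fixed releases in VMSA-2018-0013.
from typing import List, NamedTuple, Tuple

# Affected branch, fixed version and CVEs, taken from the advisory tables.
FIXED_RELEASES = {
    "Workstation": {"branch": 14, "fixed": (14, 1, 2),
                    "cves": ["CVE-2018-6963"]},
    "Fusion": {"branch": 10, "fixed": (10, 1, 2),
               "cves": ["CVE-2018-6962", "CVE-2018-6963"]},
}

class Finding(NamedTuple):
    host: str
    product: str
    version: str
    status: str  # "vulnerable", "patched" or "not-listed"
    action: str  # remediation per column 5 of the advisory table

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '14.1.1' or '14.1.1 build-1234567' into a comparable tuple."""
    numeric = text.strip().split()[0]  # drop a trailing build tag, if any
    return tuple(int(part) for part in numeric.split("."))

def assess(host: str, product: str, version: str) -> Finding:
    """Classify one installation against the advisory's remediation table."""
    entry = FIXED_RELEASES.get(product)
    if entry is None:
        return Finding(host, product, version, "not-listed",
                       "product not covered by VMSA-2018-0013")
    installed = parse_version(version)
    if installed[0] != entry["branch"]:
        # Only the 14.x (Workstation) and 10.x (Fusion) branches are listed.
        return Finding(host, product, version, "not-listed",
                       "branch not listed in the advisory; check with vendor")
    if installed < entry["fixed"]:  # tuple comparison: (14, 1) < (14, 1, 2)
        fixed = ".".join(str(n) for n in entry["fixed"])
        return Finding(host, product, version, "vulnerable",
                       f"upgrade to {fixed} ({', '.join(entry['cves'])})")
    return Finding(host, product, version, "patched", "none")

def vulnerable_hosts(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Return only the installations that still need the patch."""
    return [f for f in (assess(*row) for row in inventory)
            if f.status == "vulnerable"]

# Constructed sample inventory (hostnames and build tag are made up).
SAMPLE_INVENTORY = [("ws-01", "Workstation", "14.1.1 build-1234567"),
                    ("ws-02", "Workstation", "14.1.2"),
                    ("mac-01", "Fusion", "10.1.1"), ("mac-02", "Fusion", "8.5.10")]
```

   Installations on a branch the advisory does not list are reported as
   "not-listed" rather than "patched", since the tables say nothing about them.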


4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Workstation Pro 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

   VMware Workstation Player 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer
   https://docs.vmware.com/en/VMware-Workstation-Player/index.html

   VMware Fusion Pro / Fusion 10.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
   https://docs.vmware.com/en/VMware-Fusion/index.html


5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6962
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6963

-----------------------------------------------------------------------

6. Change log

   2018-05-21 VMSA-2018-0013
   Initial security advisory in conjunction with the release of VMware
   Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

-----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFbAt79DEcm8Vbi9kMRAh8ZAKDiOzX/EWU3TubYD2TZE8Ybq01gygCfYOMO
qL3cJ3d8dEPchbYxcTOmwlU=
=eco8
-----END PGP SIGNATURE-----

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
