-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0010.4
   VMware ESX third party updates for Service Console packages glibc, sudo,
                                 and openldap
                               28 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMWare ESX Server 4.0
                   VMWare ESX Server 4.1
Publisher:         VMWare
Operating System:  VMWare ESX Server
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-3856 CVE-2010-3847 CVE-2010-2956 CVE-2010-0212
                   CVE-2010-0211
Reference:         ESB-2010.1083
                   ESB-2010.1055
                   ASB-2010.0173.2
                   ESB-2010.0802

Revision History:  October  28 2011: Updated section 3.c as ESX does not
                                     contain the affected component of
                                     openldap
                   April    29 2011: ESX 4.1 patches
                   February 14 2011: Updated security advisory in
                                     conjunction with the release of patches
                                     for ESX 4.1 as part of the ESX 4.1
                                     Update 1 release on 2011-02-10.
                   January   6 2011: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0001.3
Synopsis:          VMware ESX third party updates for Service Console
                   packages glibc, sudo, and openldap
Issue date:        2011-01-04
Updated on:        2011-10-27
CVE numbers:       CVE-2010-3847 CVE-2010-3856 CVE-2010-2956
                   CVE-2010-0211 CVE-2010-0212
- - ------------------------------------------------------------------------

1. Summary

   ESX 4.x Service Console OS (COS) updates for glibc, sudo, and openldap
   packages.

2. Relevant releases

   VMware ESX 4.1 without patches ESX410-201101226-SG, ESX410-201104404-SG
   VMware ESX 4.0 without patches ESX400-201101405-SG, ESX400-201101404-SG

3. Problem Description

 a. Service Console update for glibc

   The service console packages glibc, glibc-common, and nscd are each
   updated to version 2.5-34.4908.vmw.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues
   addressed in this update.

   Column 4 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.

   VMware          Product   Running  Replace with/
   Product         Version   on       Apply Patch
   =============   ========  =======  =================
   VirtualCenter   any       Windows  not affected
   hosted *        any       any      not affected
   ESXi            any       ESXi     not applicable
   ESX             4.1       ESX      ESX410-201101226-SG
   ESX             4.0       ESX      ESX400-201101405-SG
   ESX             3.5       ESX      not applicable
   ESX             3.0.3     ESX      not applicable

   * Hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 b. Service Console update for sudo

   The service console package sudo is updated to version 1.7.2p1-8.el5_5.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2010-2956 to the issue addressed in this update.

   Column 4 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.

   VMware          Product   Running  Replace with/
   Product         Version   on       Apply Patch
   =============   ========  =======  =================
   VirtualCenter   any       Windows  not affected
   hosted *        any       any      not affected
   ESXi            any       ESXi     not affected
   ESX             4.1       ESX      ESX410-201104404-SG
   ESX             4.0       ESX      ESX400-201101404-SG
   ESX             3.5       ESX      not applicable
   ESX             3.0.3     ESX      not applicable

   * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 c. Service Console update for openldap

   The service console package openldap is updated to version
   2.3.43-12.el5_5.1.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues
   addressed in this update.

   Column 4 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.

   VMware          Product   Running  Replace with/
   Product         Version   on       Apply Patch
   =============   ========  =======  =================
   VirtualCenter   any       Windows  not affected
   hosted *        any       any      not affected
   ESXi            any       ESXi     not affected
   ESX             4.1       ESX      not affected **
   ESX             4.0       ESX      ESX400-201101402-SG **
   ESX             3.5       ESX      not applicable
   ESX             3.0.3     ESX      not applicable

   * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

   ** After the initial advisory, it was determined that ESX does not
      contain the affected component of openldap.

4. Solution

   Please review the patch/release notes for your product and version and
   verify the checksum of your downloaded file.

   VMware ESX 4.1
   ----------------
   VMware ESX 4.1 Update 1
   Download link:
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-259-20110127-527075/update-from-esx4.1-4.1_update01.zip
   md5sum: 2d81a87e994aa2b329036f11d90b4c14
   sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
   http://kb.vmware.com/kb/1029353

   update-from-esx4.1-4.1_update01 contains the following security bulletins:
   ESX410-201101226-SG (glibc)       | http://kb.vmware.com/kb/1031330
   ESX410-201101201-SG (core & CIM)  | http://kb.vmware.com/kb/1027904

   ESX410-Update01 also contains the following non-security bulletins
   ESX410-201101219-UG, ESX410-201101203-UG, ESX410-201101214-UG,
   ESX410-201101217-UG, ESX410-201101215-UG, ESX410-201101225-UG,
   ESX410-201101223-UG, ESX410-201101216-UG, ESX410-201101202-UG,
   ESX410-201101222-UG, ESX410-201101220-UG, ESX410-201101213-UG,
   ESX410-201101218-UG, ESX410-201101204-UG, ESX410-201101221-UG,
   ESX410-201101211-UG, ESX410-201101206-UG, ESX410-201101207-UG,
   ESX410-201101224-UG, ESX410-201101208-UG.
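   Section 4 asks the administrator to verify the checksum of the downloaded
   bundle before installing it. The following POSIX shell function is an added
   example and is not part of the VMware advisory or the AusCERT bulletin: it
   computes both the md5sum and the sha1sum of a local file and compares them
   with the values published in the advisory, refusing the file if either
   differs. The function names digest_of and verify_bundle are the editor's
   own; the file name and digests in the usage comment are the ones the
   advisory prints for the ESX 4.1 Update 1 bundle.

```shell
#!/bin/sh
# Added example (editor's own, not VMware's or AusCERT's code): check a
# downloaded ESX patch bundle against the md5sum/sha1sum values published
# in section 4 of the advisory before handing it to esxupdate.

# Print the hex digest of file $2 using algorithm $1 (md5 or sha1).
# Uses the coreutils md5sum/sha1sum tools when present and falls back to
# openssl dgst, whose last output field is the digest.
digest_of() {
    if command -v "$1sum" >/dev/null 2>&1; then
        "$1sum" "$2" | awk '{print $1}'
    else
        openssl dgst -"$1" "$2" | awk '{print $NF}'
    fi
}

# verify_bundle FILE EXPECTED_MD5 EXPECTED_SHA1
# Returns 0 only when BOTH digests match the expected values (compared
# case-insensitively); returns 1 and reports the mismatch otherwise.
# Checking two independent digests means a file would have to collide on
# both to slip through, which is why the advisory publishes both.
verify_bundle() {
    file=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "FAIL $file: no such file" >&2; return 1; }
    got_md5=$(digest_of md5 "$file")
    got_sha1=$(digest_of sha1 "$file")
    if [ "$got_md5" = "$want_md5" ] && [ "$got_sha1" = "$want_sha1" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "     md5  got $got_md5 want $want_md5" >&2
    echo "     sha1 got $got_sha1 want $want_sha1" >&2
    return 1
}

# Usage, with the values the advisory lists for the ESX 4.1 Update 1 bundle
# (run from the directory the zip was downloaded into; install with
# esxupdate only if this prints OK):
#   verify_bundle update-from-esx4.1-4.1_update01.zip \
#       2d81a87e994aa2b329036f11d90b4c14 \
#       c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
```

   The digests are compared in full rather than by eye, and the bundle name
   is only echoed on success so the function can gate a following install
   step with "&&".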
   To install an individual bulletin use esxupdate with the -b option.

   ESX410-201104001
   Download link:
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062017/ESX410-201104001.zip
   md5sum: 757c3370ae63c75ef5b2178bd35a4ac3
   sha1sum: 95cfdc08e0988b4a0c0c3ea1a1acc1c661979888
   http://kb.vmware.com/kb/1035110

   ESX410-201104001 contains ESX410-201104404-SG.

   VMware ESX 4.0
   -------
   ESX400-201101001
   Download link:
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-257-20101231-664659/ESX400-201101001.zip
   md5sum: f1d522b380692e0845eb0dda480ab890
   sha1sum: 906989af3ddacc41321d685c4afe0d740856f9d5
   http://kb.vmware.com/kb/1029426

   ESX400-201101001 contains the following security bulletins:
   ESX400-201101401-SG (COS kernel)  | http://kb.vmware.com/kb/1029424
   ESX400-201101405-SG (glibc)       | http://kb.vmware.com/kb/1029881
   ESX400-201101404-SG (sudo)        | http://kb.vmware.com/kb/1029421
   ESX400-201101402-SG (openldap)    | http://kb.vmware.com/kb/1029423

   ESX400-201101401-SG is documented in VMSA-2010-0017.1.

   To install an individual bulletin use esxupdate with the -b option.

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212

- - ------------------------------------------------------------------------

6. Change log

   2011-01-04 VMSA-2011-0001
   Initial security advisory in conjunction with the release of patches for
   ESX 4.0 on 2011-01-04

   2011-02-10 VMSA-2011-0001.1
   Updated security advisory in conjunction with the release of patches for
   ESX 4.1 as part of the ESX 4.1 Update 1 release on 2011-02-10.

   2011-04-28 VMSA-2010-0001.2
   Updated advisory after release of ESX 4.1 patches on 2011-04-28.

   2011-10-27 VMSA-2010-0001.3
   Updated section 3.c on openldap. After the initial advisory, it was
   determined that ESX does not contain the affected component of openldap.

- - -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   * security-announce at lists.vmware.com
   * bugtraq at securityfocus.com
   * full-disclosure at lists.grok.org.uk

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html

   Copyright 2011 VMware Inc.  All rights reserved.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6qQA8ACgkQDEcm8Vbi9kOlVwCfXhDc/F2NnQ8STPC5gR9tUjlc
LMMAoM+mIZtHRKmLGReUWUQNVq8bA67y
=kFn6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTqpONO4yVqjM2NGpAQKrbhAAujohHj8Lz9KRrIwcdW0fIMt/5AfoOx1w
1Q7SlpmY4x+FQ57UwlOMsN5c9I2V6E2o+nQuEcWZG4UYvKhAs9X+4JfPRjfAwCnm
D45EcraLNywUozv34ia60qIKkFDKKp2enLk+XFkN7v/RCM+XCQcXE5cHKf6Poj/t
MxhdJopwlY9vmmLbcZaQ88IWUbxmnEGRWFDaP0sBC0TrKZE56qQHV9qUWv2nrZ5O
Dv8pjI4Vl/8OelwU+M98nD1ZpY7felhITUQJZXhrTJdKDrD8LtlDJs0UMRxmaE8N
nc7wuESiP/am03/yLYA/vEwMEXD6nNbTBgeknmNPA6nkSNbfCLDMs1FrkE19/0Fr
viHG2Yl1nSQM0nkdz89KyAUmwFBHMawWTwWJfBhHCDY0GpZL5N9mzkfAZ4du/w1P
1VTWyKNSEwsx4J5qTvW8JBOmXiO87HQm5Rbs7Eh+0ILtjA+2v18j3Fad6lIYKPYa
W76sh0RgvWiwJN/ijp3p+OqqeJU6Lttjg7Ao+VrrjdQyqC9h/2gZMM8umHgBK+2w
jde8TaHaAZGG90rB8g7Edbn6lRwhDSPNxJGlGvEfCpCDCRNjE7+ZjujTL07Psn/5
nvMWAN5tjexlDSKlLZbgZK2XNFcHj1XBXnZx9rChjruJTUVSYU8sgTT3pIMoOby0
GXW26gF/bsM=
=2pkz
-----END PGP SIGNATURE-----