Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0995
VMware hosted products vulnerable to remote code execution
5 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware Workstation
VMware Player
VMware Fusion
Publisher: VMWare
Operating System: Windows
Linux variants
Mac OS X
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3868
Original Bulletin:
http://www.vmware.com/security/advisories/VMSA-2011-0011.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0011
Synopsis: VMware hosted products address remote code execution
vulnerability
Issue date: 2011-10-04
Updated on: 2011-10-04 (initial release of advisory)
CVE numbers: CVE-2011-3868
- - ------------------------------------------------------------------------
1. Summary
Hosted product updates address a remote code execution vulnerability
in the way UDF file systems are handled
2. Relevant releases
VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier
3. Problem Description
a. UDF file system import remote code execution
A buffer overflow vulnerability is present in the way UDF file
systems are handled. This issue could allow for code execution if a
user installs from a malicious ISO image that was specially crafted
by an attacker.
VMware would like to thank an anonymous contributor working with the
SecuriTeam Secure Disclosure program for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name 3868.11-3868 to the issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any not affected
Workstation 7.x any 7.1.5 or later
Player 3.x any 3.1.5 or later
AMS any any not affected
Fusion 4.x Mac OS/X not affected
Fusion 3.1.x Mac OS/X 3.1.3 or later
ESXi any ESXi not affected
ESX any ESX not affected
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware Workstation 7.1.5
------------------------
http://www.vmware.com/go/downloadworkstation
Release notes:
http://downloads.vmware.com/support/ws71/doc/releasenotes_ws715.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 40a0a39377a6ba804d5e76e59449d51f
sha1sum: 25462e18bf9439876c63948415f7ba7b09baa8e6
VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 9c9b4d7a749f1baa485f26e6f366c070
sha1sum: 31033424656b8eaaa814f3e9c3b5b9c5c53b783b
VMware Workstation for Linux 64-bit with VMware Tools
md5sum: 482b8b2890f75488addfc31418031864
sha1sum: b1f73650f70c94249e5add5d9516d0e45c4ae87d
VMware Player 3.1.5
-------------------
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player31/doc/releasenotes_player315.html
VMware Player for 32-bit and 64-bit Windows
md5sum: fcc91227963e58efcb63fb791d2fd813
sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390
VMware Player for 32-bit Linux
md5sum: c96867c8093d23065bed7e71e020bb19
sha1sum: 4156bdfb7f679114671b416d178028fdc4d3beb4
VMware Player for 64-bit Linux
md5sum: 1ec954f1baaf6a60e451979b5e88f2d6
sha1sum: a253a486d6c6848620de200ef1837ced903daa1c
VMware Fusion 3.1.3
-------------------
http://www.vmware.com/go/downloadfusion
Release Notes:
http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_313.htm
l
VMware Fusion for Intel-based Macs
md5sum: f35ac5c15354723468257d2a48dc4f76
sha1sum: 3c849a62c45551fddb16eebf298cef7279d622a9
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3868
- - ------------------------------------------------------------------------
6. Change log
2011-10-04 VMSA-2011-0011
Initial security advisory in conjunction with the release of VMware
Workstation 7.1.5 and Player 3.1.5 on 2011-10-04.
- - -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFOi+F3DEcm8Vbi9kMRAp6fAJ9u6IbFoQ+8b4piuntrhjTxWa/pEQCfWxWM
7Y9rS59t3IxrhRphMUA0KiU=
=S5sg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTovrJe4yVqjM2NGpAQJ/7Q/+LNSBppzC6g+ilTLJw/0GjIlYpK/qodjj
My8xNvMztS7zgR1K3bTovrH/7ppn0fHh+ntmjsvdgYK//D4/cGHin7TmXt2RAb7C
7TWgmuhAGHoMDd1rLz2hc1e8s6yyk0k3FdfkehNS7tXr5VL8vPqZPgKiA07M57Gg
JCUAmSRLleuKfzN38HkWSbCpygXYIGPEcmsNsOJDGJFHK2v9ktnKmjC1orTdbKOI
CdMCKbZZaQCYJO2Xc6ae7120m9Y07m/bcvIyyici92OoCwh1jgI/V8sZ/gxTNuuY
Dpph6Wlm1sfDtTkZScy+jOwr+5vItFTvUpUZUDgpHgi0AreJLalr/XpqfEZ0Ghv2
ijXmDd76O4hA+LzBcYcZ/A3O/zQEkpbIBXSeTWMo9lmwO/JN4hLSjpGG0EVbbFh7
RQuK3EIjC1G+LhUNYJwP3v76w2J/7jERaGsQtOgo8o5fJ5g7VP1xR/lhz4BtfVq/
BJaVstcGKTHyTxRTepKq5uVSJQg0AX1mWnDPKrIK5j/cde0WLMnyzTl9yaW4yMLi
LR5sY77QO3zLr5mOoCGWpNDQy32cCvhhUpzBhptPsH+iSWew57751e3c35zSYBGi
u4UkauNORx6Mpaafo8Ql4tsgfYSxRHNNxwKKr6gEldp+xxQMEfXYjFFvemN3Rt1m
5iB3WK8Y3pI=
=ltEU
-----END PGP SIGNATURE-----