Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0010.3
VMware security updates for vCSA and ESXi
30 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware vCenter
VMware ESXi
Publisher: VMWare
Operating System: VMWare ESX Server
Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2012-6325 CVE-2012-6324 CVE-2012-3480
CVE-2012-3406 CVE-2012-3405 CVE-2012-3404
CVE-2012-0864 CVE-2011-4609 CVE-2011-1089
CVE-2010-0830 CVE-2009-5064 CVE-2009-5029
Reference: ESB-2012.0833
ESB-2012.0415.3
Original Bulletin:
http://www.vmware.com/security/advisories/VMSA-2012-0018.html
Revision History: April 30 2013: Updated security advisory to correct the
wrong Replace with / Apply Patch for ESXi
5.1 for issue c). The correct patch is
ESXi510-201304101 and is reflected in the
table.
February 25 2013: Updated security advisory to add section
3d, which documents CVE-2012-6326
January 2 2013: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2012-0018.2
Synopsis: VMware security updates for vCSA and ESXi
Issue date: 2012-12-20
Updated on: 2012-04-25
CVE numbers: ------------- vCSA ---------------
CVE-2012-6324, CVE-2012-6325
------------- glibc --------------
CVE-2009-5029, CVE-2009-5064, CVE-2010-0830,
CVE-2011-1089, CVE-2011-4609, CVE-2012-0864,
CVE-2012-3404, CVE-2012-3405, CVE-2012-3406,
CVE-2012-3480
--------- vCenter Server ---------
CVE-2012-6326
- - - --------------------------------------------------------------------
1. Summary
VMware has updated vCenter Server Appliance (vCSA) and ESX to
address multiple security vulnerabilities
2. Relevant releases
vCenter Server Appliance 5.1 prior to 5.1.0b
vCenter Server Appliance 5.0 prior to 5.0 Update 2
vCenter Server 5.0 prior to 5.0 Update 2
vCenter Server 4.1 prior to 4.1 Update 3
VMware ESXi 5.1 without patch ESXi510-201304101
VMware ESXi 5.0 without patch ESXi500-201212101
3. Problem Description
a. vCenter Server Appliance directory traversal
The vCenter Server Appliance (vCSA) contains a directory
traversal vulnerability that allows an authenticated
remote user to retrieve arbitrary files. Exploitation of
this issue may expose sensitive information stored on the
server.
VMware would like to thank Alexander Minozhenko from ERPScan for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-6324 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCSA 5.1 Linux 5.1.0b
vCSA 5.0 Linux 5.0 Update 2
b. vCenter Server Appliance arbitrary file download
The vCenter Server Appliance (vCSA) contains an XML parsing
vulnerability that allows an authenticated remote user to
retrieve arbitrary files. Exploitation of this issue may
expose sensitive information stored on the server.
VMware would like to thank Alexander Minozhenko from ERPScan for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-6325 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCSA 5.1 Linux not affected
vCSA 5.0 Linux vCSA 5.0 Update 2
c. Update to ESX glibc package
The ESX glibc package is updated to version glibc-2.5-81.el5_8.1
to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-5029, CVE-2009-5064,
CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864
CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480
to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
ESXi 5.1 ESXi ESXi510-201304101
ESXi 5.0 ESXi ESXi500-201212101
ESXi 4.1 ESXi no patch planned
ESXi 4.0 ESXi no patch planned
ESXi 3.5 ESXi not applicable
ESX any ESX not applicable
d. vCenter Server and vCSA webservice logging denial of service
The vCenter Server and vCenter Server Appliance (vCSA) both
contain a vulnerability that allows unauthenticated remote
users to create abnormally large log entries. Exploitation
of this issue may allow an attacker to fill the system volume
of the vCenter host or appliance VM and create a
denial-of-service condition.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-6326 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
vCenter Server 5.1 Windows not affected
vCenter Server 5.0 Windows 5.0 Update 2
vCenter Server 4.1 Windows 4.1 Update 3
vCenter Server 4.0 Windows not affected
VirtualCenter 2.5 Windows not affected
vCSA 5.1 Linux not affected
vCSA 5.0 Linux 5.0 Update 2
ESX/ESXi any any not affected
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
vCenter Server 5.1.0b
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_
vsphere/5_1
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-rel
ease-notes.html
vCenter Server 5.0 Update 2
---------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_
vsphere/5_0
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html
vCenter Server 4.1 Update 3
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_
vsphere/4_1
Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.html
ESXi and ESX
------------
The download for ESXi includes vCenter Server Appliance.
https://my.vmware.com/web/vmware/downloads
ESXi 5.1
--------
File: update-from-esxi5.1-5.1_update01.zip
md5sum: 28b8026bcfbe3cd1817509759d4b61d6
sha1sum: 9d3124d3c5efa6d0c3b9ba06511243fc6e205542
update-from-esxi5.1-5.1_update01.zip contains ESXi510-201304101-SG
http://kb.vmware.com/kb/2041632
ESXi 5.0
--------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334
http://kb.vmware.com/kb/2033751
update-from-esxi5.0-5.0_update02.zip contains ESXi500-201212101
5. References
------------- vCSA ---------------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325
------------- glibc --------------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
--------- vCenter Server ---------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6326
- - --------------------------------------------------------------------
6. Change log
2012-12-20 VMSA-2012-0018
Initial security advisory in conjunction with the release of
vSphere 5.1 Patch 1 and vSphere 5.0 Update 2 on 2012-12-20.
2013-02-21 VMSA-2012-0018.1
Updated security advisory to add section 3d, which documents
CVE-2012-6326.
2013-02-21 VMSA-2012-0018.2
Updated security advisory to correct the wrong Replace with
/ Apply Patch for ESXi 5.1 for issue c). The correct patch is
ESXi510-201304101 and is reflected in the table.
- - --------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
- -----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8
wj8DBQFReaMbDEcm8Vbi9kMRAuF1AKD/q7a6fKUocgVeOmWPco0JGPd2aACfaQXL
bfLqe72MVFIBc/BjQmvYja0=
=2IOL
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUX8lze4yVqjM2NGpAQId2g/9GejdFZu+Sasr+zzK4QCeMkoVSK1nU4sU
abM694BP7SVfVh7i1IQvszYOS4P6wZpmpX02+v+YUotkwAjKmKFHjSG0U13BdJWL
UIbBjP/E8Y+QOGsRINQ2viP3TqXfYvMvKfr7jcIsoIJcCJU2Jrsr4pxtT1zUK+aK
kr/C9sYCNX/rHoM/NpCL+c0tMLyD7y+zDHmYroi4XNKyEKrgLW6Ep9O8nrgvZ8bS
cM2EABcuEFVeryOeMi/Tpxy5l89UBSFFHyDe8J2965c8sy8e8EyF3ACVF48t3Rei
Dvw1e0Wk9Sjf808IQWx/49UxO9nMqBW6U6kCc+Nw7TrSjBKGHtyANYZk8Rv9rAgu
uBkWGBq/3CWxt+wQA39YT69tXAZMPu9HutyTq8dy2Y8ixCY5G8xvdEhMJ2IIVkxm
h9oQzTi5vl6EMYOw1Vzw/qaocFZZ1+oEIRCdndw9ddg7otTU0bQg8ht/Un/ZthfT
KHUdKoX20vhOegN45WN5QhhfiaDEnUj0H6PuP7KZnCY8u503iEA40e0izWoGBxaP
kFdbKs4yDoc5cb+wTffwaflhW8NfoXzV4B6OqYGCkQL2AXWZAFPk1rNOryfb62CN
UPysaIUT875xv2dUYAYwLWxr+X9zUaF0Rrsc9WUHMrJ4Lk2cfT+uNsz2iUJfYs7R
kCNHnR6G9yc=
=raM2
-----END PGP SIGNATURE-----