Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0233.2
VMware vSphere Data Protection product update addresses a
certificate validation vulnerability
27 March 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMWare vSphere Data Protection
Publisher: VMWare
Operating System: VMware ESX Server
Linux variants
Windows
Impact/Access: Provide Misleading Information -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-4632
Revision History: March 27 2015: Updated security advisory in conjunction
with the release of VMware ESXi 5.1 Patches released on
2015-03-26
January 30 2015: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0001.2
Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion
updates address security issues
Issue date: 2015-01-27
Updated on: 2015-03-26
CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
--- OPENSSL---
CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568
--- libxml2 ---
CVE-2014-3660
- ------------------------------------------------------------------------
1. Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address
several security issues.
2. Relevant Releases
VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1
VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG, ESXi510-201503101-SG
ESXi 5.0 without patch ESXi500-201405101-SG, ESXi500-201502101-SG
3. Problem Description
a. VMware ESXi, Workstation, Player, and Fusion host privilege
escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary
file write issue. Exploitation this issue may allow for privilege
escalation on the host.
The vulnerability does not allow for privilege escalation from
the guest Operating System to the host or vice-versa. This means
that host memory can not be manipulated from the Guest Operating
System.
Mitigation
For ESXi to be affected, permissions must have been added to ESXi
(or a vCenter Server managing it) for a virtual machine
administrator role or greater.
VMware would like to thank Shanon Olsson for reporting this issue to
us through JPCERT.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-8370 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any 6.0.5
ESXi 5.5 ESXi ESXi550-201403102-SG
ESXi 5.1 ESXi ESXi510-201404101-SG
ESXi 5.0 ESXi ESXi500-201405101-SG
b. VMware Workstation, Player, and Fusion Denial of Service
vulnerability
VMware Workstation, Player, and Fusion contain an input
validation issue in the Host Guest File System (HGFS).
This issue may allow for a Denial of Service of the Guest
Operating system.
VMware would like to thank Peter Kamensky from Digital
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1043 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any 7.0.1
Fusion 6.x any 6.0.5
c. VMware ESXi, Workstation, and Player Denial of Service
vulnerability
VMware ESXi, Workstation, and Player contain an input
validation issue in VMware Authorization process (vmware-authd).
This issue may allow for a Denial of Service of the host. On
VMware ESXi and on Workstation running on Linux the Denial of
Service would be partial.
VMware would like to thank Dmitry Yudin @ret5et for reporting
this issue to us through HP's Zero Day Initiative.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1044 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any not affected
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201410101-SG
ESXi 5.0 ESXi not affected
d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1
and 0.9.8 package
The OpenSSL library is updated to version 1.0.1j or 0.9.8zc
to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566 (ìPOODLEî) and CVE-2014-3568 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any Update 2d*
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201503101-SG
ESXi 5.0 ESXi ESXi500-201502101-SG
* The VMware vCenter 5.5 SSO component will be updated
in a later release.
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17
to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3660 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201503101-SG
ESXi 5.0 ESXi patch pending
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
VMware Workstation 10.x
--------------------------------
https://www.vmware.com/go/downloadworkstation
VMware Player 6.x
--------------------------------
https://www.vmware.com/go/downloadplayer
VMware Fusion 7.x and 6.x
--------------------------------
https://www.vmware.com/go/downloadplayer
vCenter Server
----------------------------
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
ESXi 5.5 Update 2d
----------------------------
File: update-from-esxi5.5-5.5_update01.zip
md5sum: 5773844efc7d8e43135de46801d6ea25
sha1sum: 6518355d260e81b562c66c5016781db9f077161f
http://kb.vmware.com/kb/2065832
update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG
ESXi 5.5
----------------------------
File: ESXi550-201501001.zip
md5sum: b0f2edd9ad17d0bae5a11782aaef9304
sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1
http://kb.vmware.com/kb/2099265
ESXi550-201501001.zip contains ESXi550-201501101-SG
ESXi 5.1
----------------------------
File: ESXi510-201404001.zip
md5sum: 9dc3c9538de4451244a2b62d247e52c4
sha1sum: 2e052145f1697a781148e9866438a47c9cbd7ea9
http://kb.vmware.com/kb/2070666
ESXi510-201404001 contains ESXi510-201404101-SG
ESXi 5.1
----------------------------
File: ESXi510-201503001.zip
md5sum: 696360824ce098115f9fdba678391c3a
sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66
http://kb.vmware.com/kb/2099286
ESXi510-201503001 contains ESXi510-201503001-SG
ESXi 5.0
----------------------------
File: ESXi500-201405001.zip
md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d
sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5
http://kb.vmware.com/kb/2075521
ESXi500-201405001 contains ESXi500-201405101-SG
ESXi 5.0
----------------------------
File: ESXi500-201502001.zip
md5sum: 0e81d3c7702d6f08c1a5ebe743c8c42b
sha1sum: 6f16a03f413c1af4db3e181c2ccd6aa01141035d
http://kb.vmware.com/kb/2101910
ESXi500-201502001 contains ESXi500-201502101-SG
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
- ------------------------------------------------------------------------
6. Change log
2015-01-27 VMSA-2015-0001
Initial security advisory in conjunction with the release of VMware
Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d
and, ESXi 5.5 Patches released on 2015-01-27.
2015-02-26 VMSA-2015-0001.1
Updated security advisory in conjunction with the release
of VMware ESXi 5.0 Patches released on 2015-02-26.
2015-03-26 VMSA-2015-0001.2
Updated security advisory in conjunction with the release
of VMware ESXi 5.1 Patches released on 2015-03-26.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVRSNDRLndAQH1ShLAQIydg//Roh/fKmQRyHqxd+SQDaS3tgDWFSHyjtB
4qUEm+ubI6rNKRZZnZPy8NTwHP7irohceWFGSK+hvERXy2ARykCbY/BP3kZmRNFh
FrYaogdOb4+g5SVNF0b7IHUHJhJvH7jkQbFv1v4vTTgBz4gCr0suPsVt57OpWm5H
p8W5LhtaFF6/jOdyIIccheYuoGYdnEhp7o/b2V65Zi7Mai0LPTS30KAkUpwqUlDY
U9PktAWuyoPbwrKCr9Qe8/GaABu02P6QE3aiati9utPciJ4Y/fV1Tl0A/g0K6S1P
NwTskymcdENBiWw/Ewo4OWA9E+S2T0xBOSq6nf46xV8wtoMz6ZtajbFiTc9ijAWZ
PwYm2JVmK4A851vKzcgaN6xy4yStTY5BAsSjvMuxoJLBm2YZAV0D771XdrzHqMpz
2+RhWcGXZ6yDBUrgKTY7VXN3gUeF85i0fSFfptcDge2IzqA/h3zbMVUrbPHJr/5e
vAXBpeJ1NA8SHjwe8xP1lm7IJE5qbSmAx0SUFDRN1hFXM/ISxrAJYYvFQKH/0r0z
QGDQSgZeEMHbksDd3YjOFdupqN4i6H3v0A4LuQESICaL2GVJb/8nF9XeI2JtZpg5
uIrCw1djnirNVrvAjIu7IDmq4NuPSNdN5YAQtxBKH/vV46avxGuVqTj6i+bei+OR
9C2OwB/Sy8g=
=Tfif
-----END PGP SIGNATURE-----