-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1619
   VMware Horizon Client update addresses a privilege escalation vulnerability
                                30 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Horizon Client
Publisher:         VMWare
Operating System:  Linux variants
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6964

Original Bulletin:
   https://lists.vmware.com/pipermail/security-announce/2018/000415.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2018-0014
Severity:    Important
Synopsis:    VMware Horizon Client update addresses a privilege
             escalation vulnerability
Issue date:  2018-05-29
Updated on:  2018-05-29 (Initial Advisory)
CVE number:  CVE-2018-6964

1. Summary

   VMware Horizon Client update addresses a privilege escalation
   vulnerability.

2. Relevant Products

   VMware Horizon Client for Linux (Horizon Client)

3. Problem Description

   VMware Horizon Client privilege escalation vulnerability

   VMware Horizon Client contains a local privilege escalation vulnerability
   due to insecure usage of a SUID binary. Successful exploitation of this
   issue may allow unprivileged users to escalate their privileges to root
   on a Linux machine where Horizon Client is installed.

   VMware would like to thank Nassim Abbaoui, pentester at OVH, for
   reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6964 to this issue.

   Column 5 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.
   VMware          Product       Running              Replace with/   Mitigations/
   Product         Version       on        Severity   Apply patch     Workarounds
   ==============  ============  ========  =========  ==============  ============
   Horizon Client  4.x & prior   Linux     Important  4.8.0           None

4. Solution

   Please review the patch/release notes for your product and version and
   verify the checksum of your downloaded file.

   VMware Horizon View Client for Linux 4.8.0
   Downloads and Documentation:
   https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/4_0

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6964

- - - ---------------------------------------------------------------------

6. Change log

   2018-05-29 VMSA-2018-0014
   Initial security advisory in conjunction with the release of VMware
   Horizon Client 4.8.0 on 2018-05-29.

- - - ----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   security-announce at lists.vmware.com
   bugtraq at securityfocus.com
   fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.
- -----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFbDZU4DEcm8Vbi9kMRApVDAJ9135GNw3HmkVJaOGMgA+U60chs3QCcDjPH
r24RHQqTULReKtGs53UjVfs=
=pZt5
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
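A triage helper for this advisory, added here as an example and not VMware's or AusCERT's code: it classifies an installed Horizon Client version against the 4.8.0 fix from the table above and inventories setuid-root files under the client's install prefix, so the SUID surface can be compared before and after the upgrade. HORIZON_PREFIX is an assumed placeholder path, and the 4.7.0 sample version is constructed.

```shell
#!/bin/sh
# Added triage helper for VMSA-2018-0014 / CVE-2018-6964 on a Linux host
# (not VMware's or AusCERT's code). Two defender checks:
#   1. is the installed Horizon Client version below the fixed release 4.8.0?
#   2. which setuid-root files sit under the client's install prefix?
# HORIZON_PREFIX is an assumed placeholder; set it to your real install path.

FIXED_VERSION="4.8.0"
HORIZON_PREFIX="${HORIZON_PREFIX:-/opt/vmware-horizon-client}"  # assumption

# version_lt A B -> status 0 if dotted version A is strictly lower than B.
# Fields are compared numerically left to right; missing fields count as 0.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s.0.0' "$1" | cut -d. -f"$i")
        y=$(printf '%s.0.0' "$2" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1   # equal
}

# horizon_status VERSION -> "affected", "fixed", or "unknown" for a
# non-numeric string such as the advisory's "4.x" wildcard.
horizon_status() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo affected
    else
        echo fixed
    fi
}

# list_suid_root DIR -> regular files under DIR owned by root with the
# setuid bit set. Run before and after the upgrade so the change is visible.
list_suid_root() {
    [ -d "$1" ] || return 0
    find "$1" -xdev -type f -user root -perm -4000 2>/dev/null | sort
}

# Stand-alone run: report on the version passed as $1 (default: a constructed
# sample, 4.7.0) and inventory setuid-root files under the assumed prefix.
ver="${1:-4.7.0}"
echo "Horizon Client $ver: $(horizon_status "$ver") (fixed in $FIXED_VERSION)"
list_suid_root "$HORIZON_PREFIX"
```

Feed it the version reported by your package manager (for example from the installed Horizon Client package record) and an existing prefix; a non-empty setuid list after upgrading to 4.8.0 is expected only if the vendor still ships setuid helpers, and is worth recording in your inventory either way.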