-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2043
                   VMWare Tools and Workstation updates
                                7 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMWare Tools for Windows
                   VMWare Workstation Pro / Player
Publisher:         VMWare
Operating System:  Windows
                   Linux variants
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5525 CVE-2019-5522 

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2019-0009.html

- --------------------------BEGIN INCLUDED TEXT--------------------

+-----------------------------------------------------------------------------+
|Advisory  |VMSA-2019-0009                                                    |
|ID        |                                                                  |
|----------+------------------------------------------------------------------|
|Advisory  |Important                                                         |
|Severity  |                                                                  |
|----------+------------------------------------------------------------------|
|CVSSv3    |7.1-8.5                                                           |
|Range     |                                                                  |
|----------+------------------------------------------------------------------|
|Synopsis  |VMware Tools and Workstation updates address out of bounds read   |
|          |and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)|
|----------+------------------------------------------------------------------|
|Issue Date|2019-06-06                                                        |
|----------+------------------------------------------------------------------|
|Updated On|2019-06-06 (Initial Advisory)                                     |
|----------+------------------------------------------------------------------|
|CVE(s)    |CVE-2019-5522, CVE-2019-5525                                      |
+-----------------------------------------------------------------------------+

1. Impacted Products

  * VMware Tools for Windows (VMware Tools)
  * VMware Workstation Pro / Player for Linux (Workstation)

2. Introduction

VMware Tools and Workstation updates address out of bounds read and
use-after-free vulnerabilities respectively.

3a. VMware Tools out of bounds read vulnerability - CVE-2019-5522

Description:

VMware Tools update addresses an out of bounds read vulnerability in vm3dmp
driver which is installed with vmtools in Windows guest machines.  VMware has
evaluated the severity of this issue to be in the Important severity range with
a maximum CVSSv3 base score of 7.1.

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with VMware
Tools installed may be able to leak kernel information or create a denial of
service attack on the same Windows guest machine.

Resolution:

Update VMware Tools for Windows 10.x to 10.3.10 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for
reporting this issue to us.

Response Matrix:

+-------------------------------------------------------------------------------------+
|Product|Version|Running|CVE          |CVSSV3|Severity |Fixed  |Workarounds|Additional|
|       |       |On     |Identifier   |      |         |Version|           |Documents |
|-------+-------+-------+-------------+------+---------+-------+-----------+----------|
|VMware |10.x   |Windows|CVE-2019-5522|7.1   |Important|10.3.10|None       |None      |
|Tools  |       |       |             |      |         |       |           |          |
+-------------------------------------------------------------------------------------+

3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525

Description:

VMware Workstation contains a use-after-free vulnerability in the Advanced
Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of
this issue to be in the Important severity range with a maximum CVSSv3 base
score of 8.5.

Known Attack Vectors:

A malicious user with normal user privileges on the guest machine may exploit
this issue in conjunction with other issues to execute code on the Linux host
where Workstation is installed.

Resolution:

Update Workstation 15.x to 15.1.0 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this
issue to us.

Response Matrix:

+------------------------------------------------------------------------------------------+
|Product    |Version|Running|CVE          |CVSSV3|Severity |Fixed   |Workarounds|Additional|
|           |       |On     |Identifier   |      |         |Version |           |Documents |
|-----------+-------+-------+-------------+------+---------+--------+-----------+----------|
|Workstation|15.x   |Linux  |CVE-2019-5525|8.5   |Important|15.1.0  |None       |None      |
|-----------+-------+-------+-------------+------+---------+--------+-----------+----------|
|Workstation|15.x   |Windows|CVE-2019-5525|N/A   |N/A      |not     |N/A        |N/A       |
|           |       |       |             |      |         |affected|           |          |
+------------------------------------------------------------------------------------------+

4. References

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5525

Fixed Version(s) and Release Notes:

VMware Tools 10.3.10
Downloads and Documentation:

https://docs.vmware.com/en/VMware-Tools/index.html

https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=
742

VMware Workstation Pro 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.1.0

Downloads and Documentation:

https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

5. Change log
 
2019-06-06: VMSA-2019-0009  Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXPneXGaOgq3Tt24GAQhOlBAAnHYw8rF0jBzi/0RJOts/4TXaJ1IQTOgk
Xj4+L2pCdeLmN++iUZJNFrJ8aF1d41lf1UGmHewr7Z//a8/6nYh6vK03kLxmWA4S
Q7uD5FgFbOswy8qWr0HQL9UcICCkMG0TEtSdmN+TfD1joVZX/uPR2bVOGL2a7vu6
8Ce61yxFiHAKXgWMM+0ZubhcsizYJ5Jafoq5hbY9nluTfj7yiCoh0zAELUU1mGIS
GHWA64VqbRoUwFRPlxtbu9+hIHaY+2xAqE3muWQbJt0fWgUmQkj3JwsqQKSXmxD/
np1aKoHufv9t9xLayFsCKFu9AN0/2I19k2PgrrZfT9kdkc4uu7tm3QT3k9XmHdPG
SnjY3n8UpfinNy84F6FqPbxnBmuFaGp6kV+Q0INSMqwrQZ8hSPuG0v9KCMT/PB43
uH27PB4XHcMpMOkIlEbOQZUUcbeMxjl964pJJfFq3SmcgRRAUcF9Y1QMAPx1tcs9
m3EnorEAfoQUwFpm6u8vH6kMIIGopF3d+dLqEYF7tYlLARgy6tdCOZnXH/8VyiU9
ga5Xo5fLS+3VdmxxKd8Q/ljGhYe3RnC+uOPryWEKSC5PJs6zIZpj7Rpqh2g5fXsK
3Zudpmvp748qBYpY/wdpHCwh88TZQARCyucar9JVLBdEn691T6+9Ytz/Ybsjdqvh
pGl4wyjX/fs=
=b7uw
-----END PGP SIGNATURE-----