===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2043
                   VMWare Tools and Workstation updates
                                7 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMWare Tools for Windows
                   VMWare Workstation Pro / Player
Publisher:         VMWare
Operating System:  Windows
                   Linux variants
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5525 CVE-2019-5522

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2019-0009.html

--------------------------BEGIN INCLUDED TEXT--------------------

+-----------------+------------------------------------------------------------------+
|Advisory ID      |VMSA-2019-0009                                                    |
|-----------------+------------------------------------------------------------------|
|Advisory Severity|Important                                                         |
|-----------------+------------------------------------------------------------------|
|CVSSv3 Range     |7.1-8.5                                                           |
|-----------------+------------------------------------------------------------------|
|Synopsis         |VMware Tools and Workstation updates address out of bounds read   |
|                 |and use-after-free vulnerabilities. (CVE-2019-5522, CVE-2019-5525)|
|-----------------+------------------------------------------------------------------|
|Issue Date       |2019-06-06                                                        |
|-----------------+------------------------------------------------------------------|
|Updated On       |2019-06-06 (Initial Advisory)                                     |
|-----------------+------------------------------------------------------------------|
|CVE(s)           |CVE-2019-5522, CVE-2019-5525                                      |
+-----------------+------------------------------------------------------------------+

1. Impacted Products

  * VMware Tools for Windows (VMware Tools)
  * VMware Workstation Pro / Player for Linux (Workstation)

2. Introduction

VMware Tools and Workstation updates address out of bounds read and
use-after-free vulnerabilities respectively.

3a. VMware Tools out of bounds read vulnerability - CVE-2019-5522

Description:

VMware Tools update addresses an out of bounds read vulnerability in vm3dmp
driver which is installed with vmtools in Windows guest machines. VMware has
evaluated the severity of this issue to be in the Important severity range
with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors:

A local attacker with non-administrative access to a Windows guest with
VMware Tools installed may be able to leak kernel information or create a
denial of service attack on the same Windows guest machine.

Resolution:

Update VMware Tools for Windows 10.x to 10.3.10 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank ChenNan and RanchoIce of Tencent ZhanluLab for
reporting this issue to us.

Response Matrix:

+-------------------------------------------------------------------------------------+
|Product|Version|Running|CVE          |CVSSV3|Severity |Fixed  |Workarounds|Additional|
|       |       |On     |Identifier   |      |         |Version|           |Documents |
|-------+-------+-------+-------------+------+---------+-------+-----------+----------|
|VMware |10.x   |Windows|CVE-2019-5522|7.1   |Important|10.3.10|None       |None      |
|Tools  |       |       |             |      |         |       |           |          |
+-------------------------------------------------------------------------------------+

3b. VMware Workstation use-after-free vulnerability - CVE-2019-5525

Description:

VMware Workstation contains a use-after-free vulnerability in the Advanced
Linux Sound Architecture (ALSA) backend. VMware has evaluated the severity of
this issue to be in the Important severity range with a maximum CVSSv3 base
score of 8.5.

Known Attack Vectors:

A malicious user with normal user privileges on the guest machine may exploit
this issue in conjunction with other issues to execute code on the Linux host
where Workstation is installed.

Resolution:

Update Workstation 15.x to 15.1.0 to resolve this issue.

Workarounds:

No workarounds provided for this vulnerability.

Additional Documentations:

None.

Acknowledgements:

VMware would like to thank Brice L'helgouarc'h of Amossys for reporting this
issue to us.

Response Matrix:

+------------------------------------------------------------------------------------------+
|Product    |Version|Running|CVE          |CVSSV3|Severity |Fixed   |Workarounds|Additional|
|           |       |On     |Identifier   |      |         |Version |           |Documents |
|-----------+-------+-------+-------------+------+---------+--------+-----------+----------|
|Workstation|15.x   |Linux  |CVE-2019-5525|8.5   |Important|15.1.0  |None       |None      |
|-----------+-------+-------+-------------+------+---------+--------+-----------+----------|
|Workstation|15.x   |Windows|CVE-2019-5525|N/A   |N/A      |not     |N/A        |N/A       |
|           |       |       |             |      |         |affected|           |          |
+------------------------------------------------------------------------------------------+

4. References

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5525

Fixed Version(s) and Release Notes:

VMware Tools 10.3.10
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Tools/index.html
https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS10310&productId=742

VMware Workstation Pro 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

5. Change log

2019-06-06: VMSA-2019-0009
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
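
Added example (not part of the AusCERT bulletin or the VMware advisory): a
Python triage that classifies inventory records against the two response
matrices above, including the "not affected" row for Workstation on Windows.
The host names, version strings with build suffixes, and all function names
are constructed for illustration.

```python
import re

# Rows of the two VMSA-2019-0009 response matrices:
# (product, running on, major version, fixed version or None, CVE).
# fixed=None encodes the "not affected" row for Workstation on Windows.
MATRIX = [
    ("tools", "windows", 10, (10, 3, 10), "CVE-2019-5522"),
    ("workstation", "linux", 15, (15, 1, 0), "CVE-2019-5525"),
    ("workstation", "windows", 15, None, "CVE-2019-5525"),
]

def parse_version(text):
    """Leading dotted version as a 3-tuple; build suffixes are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(product, running_on, version):
    """Return (status, cve) for one installed product.

    status is "affected", "fixed", "not-affected" or "not-listed".
    "not-listed" means the advisory says nothing about that combination
    (for example another major version); it is not proof the build is safe.
    """
    ver = parse_version(version)
    for prod, os_name, major, fixed, cve in MATRIX:
        if (product.lower(), running_on.lower(), ver[0]) != (prod, os_name, major):
            continue
        if fixed is None:
            return ("not-affected", cve)
        return ("affected" if ver < fixed else "fixed", cve)
    return ("not-listed", None)

# Constructed inventory: (host, product, running on, reported version).
# "workstation" covers both Workstation Pro and Player.
INVENTORY = [
    ("guest-win-01", "tools", "windows", "10.3.5.0000000"),
    ("guest-win-02", "tools", "windows", "10.3.10"),
    ("dev-linux-01", "workstation", "linux", "15.0.4 build-0000000"),
    ("dev-win-01", "workstation", "windows", "15.0.4"),
    ("guest-win-03", "tools", "windows", "11.0.0"),
]

def report(inventory):
    """Map each host to its (status, cve) triage result."""
    return {host: triage(p, o, v) for host, p, o, v in inventory}

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(host, *result)
```
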