copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


ESB-2007.0933 -- [Ubuntu] -- VMWare vulnerabilities

Date: 16 November 2007
References: AA-2007.0080  ESB-2009.0194  

Click here for printable version
Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                         ESB-2007.0933 -- [Ubuntu]
                          VMWare vulnerabilities
                             16 November 2007


        AusCERT Security Bulletin Summary

Product:              vmware
Publisher:            Ubuntu
Operating System:     Ubuntu
Impact:               Root Compromise
                      Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4497 CVE-2007-4496 CVE-2007-0063
                      CVE-2007-0062 CVE-2007-0061

Ref:                  AA-2007.0080

Original Bulletin:

- --------------------------BEGIN INCLUDED TEXT--------------------

Ubuntu Security Notice USN-543-1          November 15, 2007
linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities
CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496,

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:

Ubuntu 6.10:

Ubuntu 7.04:

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
did not correctly handle certain packet structures.  Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)

Rafal Wojtczvk discovered multiple memory corruption issues in VMWare
Player.  Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system.  (CVE-2007-4496, CVE-2007-4497)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    10718 096ef8a53ec833e2d8bba6b3a1b743e3
      Size/MD5:     1655 8c107f6542df832f61773d9daef125d3
      Size/MD5:   223637 7363a61e0f97c791a8a86d8950e733cb

  Architecture independent packages:
      Size/MD5:     7188 bb451b9e89e60d955d97b0867bdf705e
      Size/MD5:   187442 3e50b28e99bf71d9c3be4fcd3bdbf8d5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   166346 a479d29cfc7c7ae4b1fe4815c41f3d00

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   165990 39a8b92a5f8505865e7846392e63622b

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:    91770 b4b7ffa2ec8ac9a39b68052171a30adb
      Size/MD5:     3253 16938b4a4a55b87e3f3a542d3657bc17
      Size/MD5: 94304903 a7874ae1c6a4c5e37206a77ab51016c2

  Architecture independent packages:
      Size/MD5:    20532 9c080698a7740dc792cf6ca7e2f437b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  2129768 61b1b500d3213bf7bb7bb2f73b21e7bc
      Size/MD5:   547816 3cfcdc8a871ae96096348665d3a74b0d
      Size/MD5:   162790 c40da9490da8966eabfa58ec17f8e4fa
      Size/MD5:  6082518 b4bd2bbb07619964da69509cdb2afced
      Size/MD5:  1755906 5ad8f13bdfe49b9de96018bfe3f5477b
      Size/MD5:  1383978 e370829b7ba70e3dcbbe7a9337ac4b62
      Size/MD5:   477132 933e7ebf55a7413b4be1c893ea73393e
      Size/MD5:    77936 26c20fc7886b2fd8d7c0e12f4ee04835
      Size/MD5:  6664188 852aec0f7f389d174250a9e6567d1b44
      Size/MD5:   965686 f948dbd173a8fc281409a9e7fd9cac8c
      Size/MD5:   330438 387a83f3605818f7188ef719728b7458
      Size/MD5:   168846 d66de345056cc3a43f288c934ba77205
      Size/MD5:  7330970 3aacf7260e8a93770d7c5f563f48bcc8
      Size/MD5:    94510 1aae41550142609ad46bb2a60d81b53f
      Size/MD5:   133910 96004462b60b8e37ca0c93c15dfbd3d5
      Size/MD5: 16017430 168c4d404c7d052410d03343a85f9caf

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3426660 86f6b157608a4d70f8bf2e08eb2c3172
      Size/MD5:   702154 5612f0a6aa08ae8171dcb5a12cae7c8f
      Size/MD5:   141856 97f349c5665b7032e11e8c39584a425d
      Size/MD5:  3070812 7f2d3882ba35a3d58ce3330e659efbb4
      Size/MD5:  1695852 15b80b8bd7d41d70affa059e8af6eb0b
      Size/MD5:  1374660 98844f1d696780ca1cc7e19ee6e2ff13
      Size/MD5:  1206684 06c213aafbb2bc9f540cb031cc0da231
      Size/MD5:    75246 7c204703a27adefad24d9170a3ab92a8
      Size/MD5:  7897204 afb6c953a57d199b057cc55abead735b
      Size/MD5:  7692608 d960124f7c6415d7f897e5ce73a63fb5
      Size/MD5:   965580 83d6318d1dc66183cb6d2b1644ac7d89
      Size/MD5:   303430 8b6609cbfe3e8e4cea962bcee38fbbdf
      Size/MD5:   149692 7c3e051e19e25640e5fac8b5b1d73234
      Size/MD5:  4066650 62e0d99a4845a4f452c9af8aad85f8df
      Size/MD5:   141080 f5bc60b323ff6bcdb98f0cce5ccc37bd
      Size/MD5:   117958 74e5735d5e3513bf8e7cb6cbb74cdd91
      Size/MD5:  9402728 466b70278fe6d1e7ce2ba320883ba394

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1297436 7cef17256db690e4acaabbcab9567d33
      Size/MD5:   996848 6e9707ec05874b1ea15cfc0bad6d0ba0
      Size/MD5:  1294562 f81c80e2c053269ec1f486a348a8b8f2
      Size/MD5:   965670 8109959c9f9b943466a4d1097b407e1c
      Size/MD5:   298288 aa9720d46f6ffa8e20e930b585f626cf

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   996806 bbc8045c29b93d3657e39f4aeb5a9a46
      Size/MD5:   996726 be426abb3c4b06d3bd43f980818df9d7

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   107311 cf9d25d9021846d91dfe03147f58134f
      Size/MD5:     3321 d387dd04e120b1a0bf2e1a890c6a2ac0
      Size/MD5: 139814900 ab2c852e27c86d11d0156920ca5f8d56

  Architecture independent packages:
      Size/MD5:    21758 22a55b5af60d938104692f10586a5009

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  2131510 ea57dc79057f4ab9313c2edf7f89ada9
      Size/MD5:   217892 a1191066c9237165a6aa4214cb6d2def
      Size/MD5: 13551244 ecfd8f658457fe0320ba23feb211a425
      Size/MD5:   163984 8ad49cfa8cbf9bfb3ea57ede6aa0b38d
      Size/MD5:  6069482 3f84236ba83a33adb40a0a76f5d740e1
      Size/MD5:  1860046 6d242bb4c17da3a3b30537c6d4a1cd5a
      Size/MD5:  1384728 2f12b400111e2c847e8129eb0996828f
      Size/MD5:   478316 fe23e46fde4f2efbbeee989b8376315b
      Size/MD5:    80392 62a2e61cc6884651dd4a0afff2f27253
      Size/MD5: 13537354 445136669d5a70510f9569e534085c15
      Size/MD5:   966304 f33cd9e88ccb0b450d0508a1ed5532bf
      Size/MD5:  1942578 ada0b48ff16cbcad3f70ee30e882f2e4
      Size/MD5:   176202 82b889c0493955030450d4525191d904
      Size/MD5:   176632 431c1eed1293af9104027e2be44117df
      Size/MD5:  8682272 5e1a7bd9c78cf5472ba802b801191e1a
      Size/MD5:  7995532 375fbd1d7b7b3f97916bc26c44994ca8
      Size/MD5:  2525698 d61bebd28902ba783b13ad5d8dec8a37
      Size/MD5:  1068712 407398dcda627e0017c3d5a50c18c202
      Size/MD5:  1630252 66d99623acdef217a7d4ae19d9cc00a8
      Size/MD5:   357818 2259f5daef43420d155495840da82f51
      Size/MD5:   147104 7cdf0439317549c7599b50ef753caeb1
      Size/MD5:  9822882 57f6c9f3be0f42dff4de77fe24e4adf9

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3429028 02da7c06e3573fed31ac614bdb6f9d4f
      Size/MD5:   217906 a6c93d7fe42ecec355d51b1dcead160f
      Size/MD5: 16103446 d426df9f662aa4b30ca8da7ab451de85
      Size/MD5:   143074 4e23cc004c3d1a34378a6a51641eb83d
      Size/MD5:  3064258 fc9c94b39514c8ac8993ebc96b01b0a6
      Size/MD5:  1762968 66c055f18eb670bf97b4e1e2dd36eef6
      Size/MD5:  1376242 086f970006e33567baaa3dbf45f6ea07
      Size/MD5:  1207860 0bf59f88fb7c8d6c60e2e3df78838a97
      Size/MD5:    77642 6086aa00b90d0e9a02e9d68dfcd4ecf6
      Size/MD5: 16339870 af8990e8eaa18b9bb796426f2e863f9b
      Size/MD5: 16096602 89ba57818f2286f771efceaff0f0d573
      Size/MD5:   966234 8990926c8c813ff1bc31b2ab59ec130f
      Size/MD5:   966300 29be6415cc349d0516dc81f6c5707609
      Size/MD5:  2120362 79e3e5c2eab73887982500b7b4095e27
      Size/MD5:  2160954 ca04a7bce01331e9b0d1ec7b80f8f720
      Size/MD5:   156104 5da87c0f0f8e7935d424ff9250d75ccd
      Size/MD5:   156570 cf778185c0e002bbd8fb3879858e3dcc
      Size/MD5:  4833234 22d6b8c941214bd4c9d3cdc9c391331a
      Size/MD5:  4492524 3de472789cd9f910cb3469e4efeab5d4
      Size/MD5:  2454180 b615aba8b838fe3026f6f10fc24e5bf8
      Size/MD5:  1666842 e8c000b3c72f3cd491afa73fe78ba7cd
      Size/MD5:  2860702 78599f3c21b776b7a5f37985b4466b9e
      Size/MD5:   760572 c46af567f20f105fd55b9a12756c19be
      Size/MD5:   130290 9148c9ea6d64e7fffa41171a837e19c0
      Size/MD5:  6143064 646f4de5ffe41fdf0089af45ed165d99

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1295122 e2bacd9a6b1f6b0c3bbb12fffe98823d
      Size/MD5:   998650 c58e5b1d585220d5d254e52503d0bc0e
      Size/MD5:  1292504 d58d9ada1a679926ed056951a0b1a186
      Size/MD5:   966294 13a05129890297710c0caee040b96e6b
      Size/MD5:   295196 81fc5ef428f8f6fe2e13a6e2c6f1db42

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   998610 6c33fe13755d6d97bf81bd9e14b6ba48
      Size/MD5:   998534 a9e999034452a3824188576bb53f61ca

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.