Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20659
HistoryOct 06, 2008 - 12:00 a.m.

VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

2008-10-0600:00:00
vulners.com
17
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2008-0016
Synopsis: VMware Hosted products, VirtualCenter Update 3 and
patches for ESX and ESXi resolve multiple security issues
Issue date: 2008-10-03
Updated on: 2008-10-03 (initial release of advisory)
CVE numbers: CVE-2008-4279 CVE-2008-4278 CVE-2008-3103
CVE-2008-3104 CVE-2008-3105 CVE-2008-3106
CVE-2008-3107 CVE-2008-3108 CVE-2008-3109
CVE-2008-3110 CVE-2008-3111 CVE-2008-3112
CVE-2008-3113 CVE-2008-3114 CVE-2008-3115

  1. Summary

    VMware addresses a in-guest privilege escalation on 64-bit guest
    operating systems in ESX, ESXi, and previously released versions of
    our hosted product line. Updated VMware VirtualCenter Update 3
    addresses potential information disclosure and updates Java JRE
    packages.

  2. Relevant releases

    VirtualCenter 2.5 before Update 3 build 119838

    VMware Workstation 6.0.4 and earlier,
    VMware Workstation 5.5.7 and earlier,
    VMware Player 2.0.4 and earlier,
    VMware Player 1.0.7 and earlier,
    VMware ACE 2.0.4 and earlier,
    VMware ACE 1.0.6 and earlier,
    VMware Server 1.0.6 and earlier,

    VMware ESXi 3.5 without patch ESXe350-200809401-I-SG

    ESX 3.5 without patch ESX350-200809404-SG

    ESX 3.0.3 without patch ESX303-200809401-SG
    ESX 3.0.2 without patch ESX-1006361
    ESX 3.0.1 without patch ESX-1006678

    NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
    and VMware ACE 1.x will reach end of general support
    2008-11-09. Customers should plan to upgrade to the latest
    version of their respective products.

      Extended support (Security and Bug fixes) for ESX 3.0.2 ends
  on 10/29/2008 and Extended support for ESX 3.0.2 Update 1
  ends on 8/8/2009.  Users should plan to upgrade to ESX 3.0.3
  and preferably to the newest release available.

  Extended Support (Security and Bug fixes) for ESX 3.0.1 has
  ended on 2008-07-31.

  3. Problem Description

a. Privilege escalation on 64-bit guest operating systems

VMware products emulate hardware functions, like CPU, Memory, and
IO.

A flaw in VMware's CPU hardware emulation could allow the
virtual CPU to jump to an incorrect memory address. Exploitation of
this issue on the guest operating system does not lead to a
compromise of the host system but could lead to a privilege
escalation on guest operating system.  An attacker would need to
have a user account on the guest operating system.

Affected
64-bit Windows and 64-bit FreeBSD guest operating systems and
possibly other 64-bit operating systems. The issue does not
affect the 64-bit versions of Linux guest operating systems.

VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4279 this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    6.5.x     any      not affected
Workstation    6.0.x     any      6.0.5 build 109488 or later
Workstation    5.x       any      5.5.8 build 108000 or later

Player         2.5.x     any      not affected
Player         2.0.x     any      2.0.5 build 109488 or later
Player         1.x       any      1.0.8 build  or later

ACE            2.5.x     Windows  not affected
ACE            2.0.x     Windows  not affected
ACE            1.x       Windows  not affected

Server         2.x       any      not affected
Server         1.x       any      1.0.7 build 108231 or later

Fusion         2.x       Mac OS/X not affected
Fusion         1.x       Mac OS/X not affected

ESXi           3.5       ESXi     ESXe350-200809401-I-SG

ESX            3.5       ESX      ESX350-200809404-SG
ESX            3.0.3     ESX      ESX303-200809401
ESX            3.0.2     ESX      ESX-1006361
ESX            3.0.1     ESX      ESX-1006678
ESX            2.5.5     ESX      not affected
ESX            2.5.4     ESX      not affected

NOTE: The set of guest operating systems which is affected by
      this issue is a subset of 64-bit operating systems
      (see above for details)

b. Update for VirtualCenter fixes a potential information disclosure

This release resolves an issue where a user's password could be
displayed in cleartext. When logging into VirtualCenter Server 2.0
with Virtual Infrastructure Client 2.5, the user password might be
displayed if it contains certain special characters. The dialog
box displaying the password can appear in front or hidden behind
other windows.

To remediate this issue the VirtualCenter client installations must
be updated after updating to VirtualCenter Update 3

VMware would like to thank Mark Woollatt for reporting this issue
to VMware.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4278 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
======== ======== ======= =======================
Virtual- 2.5 Windows Update 3 build 119838
Center
Virtual- 2.0.2 Windows not affected
Center

hosted * any any not affected

ESXi 3.5 ESXi not affected

ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 3.0.1 ESX not affected
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected

  • hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. Update for VirtualCenter updates JRE to version 1.5.0_16

Update for VirtualCenter updates the JRE package to version 1.5.0_16,
which addresses multiple security issues that existed in the previous
version of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3103, CVE-2008-3104, CVE-2008-3105,
CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109,
CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113,
CVE-2008-3114, CVE-2008-3115 to the security issues fixed in
JRE 1.5.0_16.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
======== ======== ======= =======================
Virtual- 2.5 Windows Update 3 build 119838
Center
Virtual- 2.0.2 Windows affected, patch pending
Center

hosted * any any not affected

ESXi 3.5 ESXi not affected

ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected

  • hosted products are VMware Workstation, Player, ACE, Server, Fusion.

Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.

    The currently installed version of JRE depends on your patch
    deployment history.

  1. Solution

    Please review the patch/release notes for your product and version
    and verify the md5sum of your downloaded file.

    VirtualCenter

    VMware VirtualCenter 2.5 Update 3 build 119838
    http://www.vmware.com/download/download.do?downloadGroup=VC250U3
    DVD iso image
    md5sum: 100161907e702ec745f8449f4958b1c4
    Zip file
    md5sum: 5ccc8e915044c046554e39390c2c142a
    Release Notes
    http://www.vmware.com/support/vi3/doc/vi3_vc25u3_rel_notes.html

    VMware Workstation 6.0.5

    http://www.vmware.com/download/ws/
    Release notes:
    http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

    Windows binary
    md5sum: 46b4c54f0493f59f52ac6c2965296859

    RPM Installation file for 32-bit Linux
    md5sum: 49ebfbd05d146ecc43262622ab746f03

    tar Installation file for 32-bit Linux
    md5sum: 14ac93bffeee72528629d4caecc5ef37

    RPM Installation file for 64-bit Linux
    md5sum: 0a856f1a1a31ba3c4b08bcf85d97ccf6

    tar Installation file for 64-bit Linux
    md5sum: 3b459254069d663e9873a661bc97cf6c

    VMware Workstation 5.5.8

    http://www.vmware.com/download/ws/ws5.html
    Release notes:
    http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

    Windows binary:
    md5sum: 745c3250e5254eaf6e65fcfc4172070f

    Compressed Tar archive for 32-bit Linux
    md5sum: 65a454749d15d4863401619d7ff5566e

    Linux RPM version for 32-bit Linux
    md5sum: d80adc73b1500bdb0cb24d1b0733bcff

    VMware Player 2.0.5 and 1.0.8

    http://www.vmware.com/download/player/
    Release notes Player 1.x:
    http://www.vmware.com/support/player/doc/releasenotes_player.html
    Release notes Player 2.0
    http://www.vmware.com/support/player2/doc/releasenotes_player2.html

    2.0.5 Windows binary
    md5sum: 60265438047259b23ff82fdfe737f969

    VMware Player 2.0.5 for Linux (.rpm)
    md5sum: 3bc81e203e947e6ca5b55b3f33443d34

    VMware Player 2.0.5 for Linux (.tar)
    md5sum: f499603d790edc5aa355e45b9c5eae01

    VMware Player 2.0.5 - 64-bit (.rpm)
    md5sum: 85bc2f11d06c362feeff1a64ee5a6834

    VMware Player 2.0.5 - 64-bit (.tar)
    md5sum: b74460bb961e88817884c7e2c0f30215

    1.0.8 Windows binary
    md5sum: e5f927304925297a7d869f74b7b9b053

    Player 1.0.8 for Linux (.rpm)
    md5sum: a13fdb8d72b661cefd24e7dcf6e2a990

    Player 1.0.8 for Linux (.tar)
    md5sum: 99fbe861253eec5308d8c47938e8ad1e

    VMware ACE 2.0.5

    http://www.vmware.com/download/ace/
    Release notes 2.0:
    http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ACE Manager Server Virtual Appliance
    Virtual Appliance for the ACE Management Server
    md5sum: 41e7349f3b6568dffa23055bb629208d

    ACE for Window 32-bit and 64-bit
    Main installation file for Windows 32-bit and 64-bit host (ACE Option
    Page key required for enabling ACE authoring)
    md5sum: 46b4c54f0493f59f52ac6c2965296859

    ACE Management Server for Windows
    ACE Management Server installation file for Windows
    md5sum: 33a015c4b236329bcb7e12c82271c417

    ACE Management Server for Red Hat Enterprise Linux 4
    ACE Management Server installation file for Red Hat Enterprise Linux 4
    md5sum: dc3bd89fd2285f41ed42f8b28cd5535f

    ACE Management Server for SUSE Enterprise Linux 9
    ACE Management Server installation file for SUSE Enterprise Linux 9
    md5sum: 2add6a4fc97e1400fb2f94274ce0dce0

    VMware ACE 1.0.7

    http://www.vmware.com/download/ace/
    Release notes:
    http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
    md5sum: 42d806cddb8e9f905722aeac19740f33

    VMware Server 1.0.7

    http://www.vmware.com/download/server/
    Release notes:
    http://www.vmware.com/support/server/doc/releasenotes_server.html

    VMware Server for Windows 32-bit and 64-bit
    md5sum: 2e2ee5ebe08ae48eac5e661cad01acf6

    VMware Server Windows client package
    md5sum: ce7d906a5a8de37cbc20db4332de1adb

    VMware Server for Linux
    md5sum: 04f201122b16222cd58fc81ca814ff8c

    VMware Server for Linux rpm
    md5sum: 6bae706df040c35851823bc087597d8d

    Management Interface
    md5sum: e67489bd2f23bcd4a323d19df4e903e8

    VMware Server Linux client package
    md5sum: 99f1107302111ffd3f766194a33d492b

    ESXi

    ESXi 3.5 patch ESXe350-200809401-I-SG
    http://download3.vmware.com/software/esx/ESXe350-200809401-O-SG.zip
    md5sum: 0eadf92eaf0d721e63200348a53e0469
    http://kb.vmware.com/kb/1007090

    NOTE: ESXe350-200809401-O-SG contains the following patch bundles:
    ESXe350-200809401-I-SG ESXe350-200808202-T-UG
    ESXe350-200808203-C-UG

    ESX

    ESX 3.5 patch ESX350-200809404-SG
    http://download3.vmware.com/software/esx/ESX350-200809404-SG.zip
    md5sum: ee7e7f09e3a1e0aa4cc4b042a9a91a22
    http://kb.vmware.com/kb/1007089

    ESX 3.0.3 patch ESX303-200809401
    http://download3.vmware.com/software/vi/ESX303-200809401-SG.zip
    md5sum: e3be0f0f0b8a3ae612d99db2fa79c9e8
    http://kb.vmware.com/kb/1006673

    ESX 3.0.2 patch ESX-1006361
    http://download3.vmware.com/software/vi/ESX-1006361.tgz
    md5sum: f5c997ee045ba190e41f75b65e67c309
    http://kb.vmware.com/kb/1006361

    ESX 3.0.1 patch ESX-1006678
    http://download3.vmware.com/software/vi/ESX-1006678.tgz
    md5sum: 68e43b272569693b1f54fd206b2a89ca
    http://kb.vmware.com/kb/1006678

  2. References

    CVE numbers
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4279
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4278
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115

  1. Change log

2008-10-03 VMSA-2008-0016
Initial security advisory after release of ESX 3.5 and ESXi patches and
VirtualCenter 2.5 Update 3 on 2008-10-03. Relevant patches for ESX 3.0.x
came out on 2008-09-30. Hosted releases were on 2008-08-28, see
VMSA-2008-0014 for details.

  1. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkjmyjYACgkQS2KysvBH1xkdQQCfWgCAtw7u5nEaScAZheYn4Lea
4hUAnjhb/kF2O/QxnvlAzH22aCUOGRfj
=pwPz
-----END PGP SIGNATURE-----

Related

nessus 37
vmware 2
suse 3
openvas 24
redhat 12
securityvulns 2
prion 15
cve 15
ubuntucve 14
d2 1
zdi 2
checkpoint_advisories 2
saint 4
f5 2
gentoo 1
ibm 1
nessus
nessus
VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2009-07-27 00:00:00
Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities
2008-07-15 00:00:00
Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)
2013-02-22 00:00:00
vmware
vmware
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
suse
suse
remote code execution in Sun Java security update
2008-08-25 12:44:04
remote code execution in java-1_5_0-ibm,IBMJava5
2008-09-17 13:28:28
remote code execution in IBMJava5-JRE,java-1_5_0-ibm
2008-09-04 13:19:33
openvas
openvas
SuSE Update for Sun Java security update SUSE-SA:2008:042
2009-01-23 00:00:00
SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK
2009-10-10 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
redhat
redhat
(RHSA-2008:0594) Critical: java-1.6.0-sun security update
2008-07-14 00:00:00
(RHSA-2008:0906) Critical: java-1.6.0-ibm security update
2008-10-24 00:00:00
(RHSA-2008:0595) Critical: java-1.5.0-sun security update
2008-07-14 00:00:00
securityvulns
securityvulns
VMWare privilege escalation
2008-10-06 00:00:00
VMware Emulation Flaw x64 Guest Privilege Escalation &#40;2/2&#41;
2008-11-10 00:00:00
prion
prion
Code injection
2008-07-09 23:41:00
Design/Logic Flaw
2008-07-09 23:41:00
Default credentials
2008-10-06 19:54:00
cve
cve
CVE-2008-3106
2008-07-09 23:41:00
CVE-2008-3109
2008-07-09 23:41:00
CVE-2008-4278
2008-10-06 19:54:00
ubuntucve
ubuntucve
CVE-2008-3106
2008-07-09 00:00:00
CVE-2008-3109
2008-07-09 00:00:00
CVE-2008-3104
2008-07-09 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_JAVAWS2
2008-07-09 23:41:00
zdi
zdi
Sun Java Web Start Sandbox Bypass Vulnerability
2008-07-17 00:00:00
Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
2008-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow (CVE-2008-3111)
2010-03-03 00:00:00
Sun Java Web Start JNLP vm args Stack Overflow (CVE-2008-3111)
2009-12-24 00:00:00
saint
saint
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
f5
f5
K16475 : Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
SOL16475 - Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SECURITYVULNS:DOC:20659
nessus37vmware2suse3openvas24redhat12securityvulns2prion15cve15ubuntucve14d21zdi2checkpoint_advisories2saint4f52gentoo1ibm1