Message-ID: <47BDCAEF.5070100@vmware.com>
Date: Thu, 21 Feb 2008 11:03:11 -0800
From: VMware Security team <security@...are.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: VMSA-2008-0003 Moderate: Updated aacraid driver
and samba and python service console updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0003
Synopsis: Moderate: Updated aacraid driver and samba
~ and python service console updates
Issue date: 2008-02-04
Updated on: 2008-02-04 (initial release of advisory)
CVE numbers: CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
~ CVE-2007-4965 CVE-2007-4308
- -------------------------------------------------------------------
1. Summary:
~ Security updates to aacraid driver, samba and python
2. Relevant releases:
ESX Server 3.0.2 without patches ESX-1003362, ESX-1003359, ESX-1003360
ESX Server 3.0.1 without patches ESX-1003350, ESX-1003347, ESX-1003348
ESX Server 2.5.5 Upgrade Patch 4
ESX Server 2.5.4 Upgrade Patch 15
NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
~ and Bug fixes) is 10/08/2008. Users should plan to upgrade to at
~ least 2.5.5 and preferably the newest release available before the
~ end of extended support.
NOTE: ESX 3.0.1 is in Extended Support and its end of support (Security
~ and Bug fixes) is 07/31/2008. Users should plan to upgrade to at
~ least 3.0.2 update 1 and preferably the newest release available
~ before the end of extended support.
ESX Server versions 3.0.0 and prior to 2.5.4 are no longer in Extended
Support. Users should upgrade to a supported version of the product.
The VMware Infrastructure Support Life Cycle Policy can be found here:
http://www.vmware.com/support/policies/eos_vi.html
3. Problem description:
~ I Updated aacraid driver
~ This patch fixes a flaw in how the aacraid SCSI driver checked
~ IOCTL command permissions. This flaw might allow a local user
~ on the service console to cause a denial of service or gain
~ privileges. Thanks to Adaptec for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-4308 to this issue.
~ ESX Server 3.0.2 ESX-1003362
~ http://download3.vmware.com/software/vi/ESX-1003362.tgz
~ md5sum: f828e7c1c00c2b32ebd4f14f92febe16
~ http://kb.vmware.com/kb/1003362
~ ESX Server 3.0.1 ESX-1003350
~ http://download3.vmware.com/software/vi/ESX-1003350.tgz
~ md5sum: 490e042c9a726480fe3d3cbc6b4fae5a
~ http://kb.vmware.com/kb/1003350
~ ESX Server 2.5.4 Upgrade Patch 15
~ ESX Server 2.5.5 Upgrade Patch 4
~ RPM Updated:
~ VMware-esx-drivers-scsi-aacraid_esx30.rpm
~ kernel-vmnix.rpm
~ VM Shutdown: Yes
~ Host Reboot: Yes
~ II Service Console package security updates
~ a. Samba
~ Alin Rad Pop of Secunia Research found a stack buffer overflow
~ flaw in the way Samba authenticates remote users. A remote
~ unauthenticated user could trigger this flaw to cause the Samba
~ server to crash or to execute arbitrary code with the
~ permissions of the Samba server.
~ Note: This vulnerability can be exploited only if the attacker
~ has access to the service console network. The Samba
~ client is installed by default in the service console, but
~ the Samba server is not.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-6015 to this issue.
~ RPM Updated:
~ samba-3.0.9-1.3E.14.3.i386.rpm,
~ samba-client-3.0.9-1.3E.14.3.i386.rpm,
~ samba-common-3.0.9-1.3E.14.3.i386.rpm
~ VM Shutdown: No
~ Host Reboot: No
~ ESX Server 3.0.2 ESX-1003359
~ http://download3.vmware.com/software/vi/ESX-1003359.tgz
~ md5sum: c1fc3232c76aea150308b2227d9d522e
~ http://kb.vmware.com/kb/1003359
~ ESX Server 3.0.1 ESX-1003347
~ http://download3.vmware.com/software/vi/ESX-1003347.tgz
~ md5sum: 60bb8e5136b7ce08171719b42fda60cf
~ http://kb.vmware.com/kb/1003347
~ ESX Server 2.5.4 Upgrade Patch 15
~ ESX Server 2.5.5 Upgrade Patch 4
~ Deployment Considerations
~ IMPORTANT: The samba-3.0.9-1.3E.14.3vmw RPM is not installed
~ with a default installation of ESX Server software, but some
~ customers choose to install the Samba application on their
~ hosts. VMware recommends against installing such applications in
~ the console operating system, but in order to provide a
~ complete fix to this security issue, this patch supplies the
~ samba-3.0.9-1.3E.14.3vmw RPM. Applying this patch will install
~ the RPM while updating the samba-client-3.0.9-1.3E.14.3vmw and
~ samba-common-3.0.9-1.3E.14.3vmw RPMs, which are part of a
~ default ESX Server software installation. To exclude the
~ samba-3.0.9-1.3E.14.3vmw RPM when installing this bundle, use
~ the exclude option for the esxupdate utility as follows:
~ esxupdate -d <DepotURL> -x samba-3.0.9-1.3E.14.3vmw update
~ Here, <DepotURL> is the URL of the depot from which you are
~ installing your bundles. See the ESX Server 3 Patch Management
~ Guide for more information on advanced options for the esxupdate
~ utility.
~ b. Python
~ Chris Evans of the Google security research team discovered an
~ integer overflow issue with the way Python's Perl-Compatible
~ Regular Expression (PCRE) module handled certain regular
~ expressions. If a Python application used the PCRE module to
~ compile and execute untrusted regular expressions, it might be
~ possible to cause the application to crash, or to execute
~ arbitrary code with the privileges of the Python interpreter.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2006-7228 to this issue.
~ Piotr Engelking discovered a flaw in Python's locale module
~ where strings generated by the strxfrm() function were not
~ properly NUL-terminated. This might result in disclosure of
~ data stored in the memory of a Python application using the
~ strxfrm() function.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-2052 to this issue.
~ Slythers Bro reported multiple integer overflow flaws in
~ Python's imageop module. These could allow an attacker to cause
~ a Python application to crash, enter an infinite loop, or
~ possibly execute arbitrary code with the privileges of the
~ Python interpreter.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-4965 to this issue.
~ RPM Updated:
~ python-2.2.3-6.8.i386.rpm
~ VM Shutdown: Yes
~ Host Reboot: Yes
~ ESX Server 3.0.2 ESX-1003360
~ http://download3.vmware.com/software/vi/ESX-1003360.tgz
~ md5sum: 91d08543a3303827f3e07e12ffd45241
~ http://kb.vmware.com/kb/1003360
~ ESX Server 3.0.1 ESX-1003348
~ http://download3.vmware.com/software/vi/ESX-1003348.tgz
~ md5sum: b1fa900baa6ab18266f2840579cfe712
~ http://kb.vmware.com/kb/1003348
~ ESX Server 2.5.4 Upgrade Patch 15
~ ESX Server 2.5.5 Upgrade Patch 4
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ ESX Server 3.x Patches:
~ http://www.vmware.com/download/vi/vi3_patches.html
~ ESX Server 2.x Patches:
~ http://www.vmware.com/download/esx/esx2_patches.html
~ ESX Server 2.5.5 Upgrade Patch 4
~ http://download3.vmware.com/software/esx/esx-2.5.5-69113-upgrade.tar.gz
~ md5sum: 354fce25ac29411cf5aafecf17f9d446
~ http://www.vmware.com/support/esx25/doc/esx-255-200801-patch.html
~ ESX Server 2.5.4 Upgrade Patch 15
~ http://download3.vmware.com/software/esx/esx-2.5.4-69112-upgrade.tar.gz
~ md5sum: a31065571a2da5bb5e69a5ccab6aa467
~ http://www.vmware.com/support/esx25/doc/esx-254-200801-patch.html
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@...ts.vmware.com
~ * bugtraq@...urityfocus.com
~ * full-disclosure@...ts.grok.org.uk
E-mail: security@...are.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHvcrsS2KysvBH1xkRCNIdAJ9OvodyE8igopX7q4lxDV02OipNHwCfb0TQ
lYOQsaNgLRSCKJEtB5kICg4=
=+FkR
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/