[<prev] [next>] [day] [month] [year] [list]
Message-ID: <480554F6.7010005@vmware.com>
Date: Tue, 15 Apr 2008 18:23:02 -0700
From: VMware Security team <security@...are.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: VMSA-2008-0007 Moderate Updated Service Console
packages pcre, net-snmp, and OpenPegasus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0007
Synopsis: Moderate Updated Service Console packages pcre
~ net-snmp, and OpenPegasus
Issue date: 2008-04-15
Updated on: 2008-04-15 (initial release of advisory)
CVE numbers: CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
~ CVE-2008-0003
- -------------------------------------------------------------------
1. Summary:
~ Updated Service Console packages for pcre, net-snmp, and OpenPegasus
2. Relevant releases:
~ VMware ESX 3.5 without patch ESX350-200803214-UG
3. Problem description:
~ a. Updated pcre Service Console package addresses several security issues
~ The pcre package contains the Perl-Compatible Regular Expression library.
~ pcre is used by various Service Console utilities.
~ Several security issues were discovered in the way PCRE handles
~ regular expressions. If an application linked against PCRE parsed a
~ malicious regular expression, it may have been possible to run
~ arbitrary code as the user running the application.
~ VMware would like to thank Ludwig Nussel for reporting these issues.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.
~ RPM Updated:
~ pcre-3.9-10.4.i386.rpm
~ b. Updated net-snmp Service Console package addresses denial of service
~ net-snmp is an implementation of the Simple Network Management
~ Protocol (SNMP). SNMP is used by network management systems to
~ monitor hosts. By default ESX has this service enabled and its ports
~ open on the ESX firewall.
~ A flaw was discovered in the way net-snmp handled certain requests. A
~ remote attacker who can connect to the snmpd UDP port could send a
~ malicious packet causing snmpd to crash, resulting in a denial of
~ service.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the name CVE-2007-5846 to this issue.
~ RPM Updated:
~ net-snmp-5.0.9-2.30E.23.i386.rpm
~ net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~ net-snmp-utils-5.0.9-2.30E.23.i386.rpm
~ c. Updated OpenPegasus Service Console package fixes overflow condition
~ OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
~ Management (WBEM) broker. These protocols are used by network management
~ systems to monitor and control hosts. By default ESX has this service
~ enabled and its ports open on the ESX firewall.
~ A flaw was discovered in the OpenPegasus CIM management server that
~ might allow remote attackers to execute arbitrary code. OpenPegasus
~ when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
~ defined, has a stack-based buffer overflow condition.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the name CVE-2008-0003 to this issue.
~ RPMS updated:
~ cim-smwg-1.0-release-606113.i386.rpm
~ pegasus-2.5-release-606113.i386.rpm
4. Solution:
Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.
~ ESX 3.5 patch ESX350-200803214-UG
~ http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
~ md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060
~ http://kb.vmware.com/kb/1003721
~ RPMS updated with patch ESX350-200803214-UG
~ e2fsprogs-1.32-15.4.i386.rpm
~ net-snmp-5.0.9-2.30E.23.i386.rpm
~ net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~ net-snmp-utils-5.0.9-2.30E.23.i386.rpm
~ pcre-3.9-10.4.i386.rpm
~ libxml2-2.5.10-8.i386.rpm
~ libxml2-python-2.5.10-8.i386.rpm
~ ESX 3.5 patch ESX350-200803201-UG
~ http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip
~ md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
~ http://kb.vmware.com/kb/1003695
~ RPMS updated with ESX350-200803201-UG
~ cim-smwg-1.0-release-606113.i386.rpm
~ pegasus-2.5-release-606113.i386.rpm
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003
6. Change log
2008-04-15 VMSA-2008-0007 Initial release
- -------------------------------------------------------------------
7. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@...ts.vmware.com
~ * bugtraq@...urityfocus.com
~ * full-disclosure@...ts.grok.org.uk
E-mail: security@...are.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIBVTyS2KysvBH1xkRCMNGAJ9kdOVbJNb9cK7hoyXpPbkSXgqvnwCfaXGz
bNkhUejzelQIDSGqZkUDgWY=
=jhJt
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists