lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <49DF7250.20302@vmware.com>
Date: Fri, 10 Apr 2009 09:22:40 -0700
From: VMware Security Team <security@...are.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: VMSA-2009-0006 VMware Hosted products and patches
 for ESX and ESXi resolve a critical security vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory
 
Advisory ID:       VMSA-2009-0006
Synopsis:          VMware Hosted products and patches for ESX and ESXi
                   resolve a critical security vulnerability
Issue date:        2009-04-10
Updated on:        2009-04-10 (initial release of advisory)
CVE numbers:       CVE-2009-1244
- ------------------------------------------------------------------------
 
1. Summary
 
   Updated VMware Hosted products and patches for ESX and ESXi resolve a
   critical security vulnerability.
 
2. Relevant releases
 
   VMware Workstation 6.5.1 and earlier,
   VMware Player 2.5.1 and earlier,
   VMware ACE 2.5.1 and earlier,
   VMware Server 2.0,
   VMware Server 1.0.8 and earlier,
   VMware Fusion 2.0.3 and earlier,

   VMware ESXi 3.5 without patch ESXe350-200904201-O-SG,
 
   VMware ESX 3.5 without patch ESX350-200904201-SG,

   VMware ESX 3.0.3 without patch ESX303-200904403-SG,

   VMware ESX 3.0.2 without patch ESX-1008421.
 
   NOTE: General Support for Workstation version 5.x ended on 2009-03-19.
         Users should plan to upgrade to the latest Workstation version
         6.x release.

         Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
         Users should plan to upgrade to ESX 3.0.3 and preferably to the
         newest release available.
 
3. Problem Description
 
 a. Host code execution vulnerability from a guest operating system
 
    A critical vulnerability in the virtual machine display function
    might allow a guest operating system to run code on the host.

    This issue is different from the vulnerability in a guest virtual
    device driver reported in VMware security advisory VMSA-2009-0005
    on 2009-04-03. That vulnerability can cause a potential denial of
    service and is identified by CVE-2008-4916.
 
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-1244 to this issue.
 
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.
 
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
 
    Workstation    6.5.x     any      6.5.2 build 156735 or later
    Workstation    6.0.x     any      upgrade to at least 6.5.2
 
    Player         2.5.x     any      2.5.2 build 156735 or later
    Player         2.0.x     any      upgrade to at least 2.5.2
 
    ACE            2.5.x     Windows  2.5.2 build 156735 or later
    ACE            2.0.x     Windows  upgrade to at least 2.5.2
 
    Server         2.x       any      2.0.1 build 156745 or later
    Server         1.x       any      1.0.9 build 156507 or later
 
    Fusion         2.x       Mac OS/X 2.0.4 build 159196 or later
 
    ESXi           3.5       ESXi     ESXe350-200904201-O-SG
 
    ESX            3.5       ESX      ESX350-200904201-SG
    ESX            3.0.3     ESX      ESX303-200904403-SG
    ESX            3.0.2     ESX      ESX-1008421
    ESX            2.5.5     ESX      not affected
 
 
4. Solution
 
   Please review the patch/release notes for your product and version
   and verify the md5sum and/or the sha1sum of your downloaded file.
 
   VMware Workstation 6.5.2
   ------------------------
   http://www.vmware.com/download/ws/
   Release notes:
   http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html
 
   For Windows
 
   Workstation for Windows 32-bit and 64-bit
   Windows 32-bit and 64-bit .exe
   md5sum: 8336586b9f9e5180d5279a0b988e82a6
   sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
 
   For Linux
 
   Workstation for Linux 32-bit
   Linux 32-bit .rpm
   md5sum: 69b039c848f6b2c94948928d8e9057bb
   sha1sum: 37ca77ef550db932cf7b078fcbd6fa0155e3411e
 
   Workstation for Linux 32-bit
   Linux 32-bit .bundle
   md5sum: 5d4ccf9c23701d09a671f586a9bb4190
   sha1sum: d508111adf479d82049c323b1d0b82200c0ab4dd
 
   Workstation for Linux 64-bit
   Linux 64-bit .rpm
   md5sum: 19387416e3b597b901dfe84e4a2bcd97
   sha1sum: 0726518abc9a77051d991af570774bae1625ff78
 
   Workstation for Linux 64-bit
   Linux 64-bit .bundle
   md5sum: 56dfc3adcf96701f440b19a8cf06c3df
   sha1sum: 04aa442a2b9bf2c67d6266a410b20ef146b93bef
 

   VMware Player 2.5.2
   -------------------
   http://www.vmware.com/download/player/
   Release notes:
   http://www.vmware.com/support/player25/doc/releasenotes_player252.html
 
   Player for Windows binary
 
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.2-156735.ex
e
   md5sum: 01356d729e9b031c8904e9560a02c469
 
   Player for Linux (.rpm)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i3
86.rpm
   md5sum: aa047047b72de7f4b53d9c2128b53bec
 
   Player for Linux (.bundle)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i3
86.bundle
   md5sum: bd51e8f8ef2417080c6d734f6ea9fb87
 
   VMware Player 2.5.2 - 64-bit (.rpm)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x8
6_64.rpm
   md5sum: 5b488b97b5091d3980eb74ec0a5c065b
 
   VMware Player 2.5.2 - 64-bit (.bundle)
 
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x8
6_64.bundle
   md5sum: 25254cd60c4063c2c68a8bf50c2c4869
 

   VMware ACE 2.5.2
   ----------------
   http://www.vmware.com/download/ace/
   Release notes:
   http://www.vmware.com/support/ace25/doc/releasenotes_ace252.html
 
   ACE Management Server Virtual Appliance
   AMS Virtual Appliance .zip
   md5sum: 430ff7792d9d490d1678fc22b4c62121
   sha1sum: 98b74e0dba4214b055c95ccea656bfa2731c3fee
 
   VMware ACE for Windows 32-bit and 64-bit
   Windows 32-bit and 64-bit .exe
   md5sum: 8336586b9f9e5180d5279a0b988e82a6
 
   ACE Management Server for Windows
   Windows .exe
   md5sum: 44918519a7bac2501b211c9825ed8268
   sha1sum: 97655c824815f7c4e25f6940c708f835ab616da9
 
   ACE Management Server for SUSE Enterprise Linux 9
   SLES 9 .rpm
   md5sum: 7fcb0409474c7e81accc90f25d80b00e
   sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
 
   ACE Management Server for Red Hat Enterprise Linux 4
   RHEL 4 .rpm
   md5sum: 745e3115f8557fa04c2ddaf25320a911
   sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
 

   VMware Server 2.0.1
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html
 
   For Windows
 
   VMware Server 2
   Version 2.0.1 | 156745 - 03/31/09
   507 MB EXE image VMware Server 2 for Windows Operating Systems. A
   master installer file containing all Windows components of VMware
   Server.
   md5sum: d0eefaa79e42d13a693c4d732a460ba4
 
   VIX API 1.6 for Windows.
   Version 1.6.2 | 156745 - 03/31/09 37 MB EXE image
   md5sum: ad531ed3c37c0a50fb915981f83ca133
 
   For Linux
 
   VMware Server 2 for Linux Operating Systems.
   Version 2.0.1 | 156745 - 03/31/09 465 MB RPM image
   md5sum: eb42331bbd9be30848826b8cab73e0ca
 
   VMware Server 2 for Linux Operating Systems.
   Version 2.0.1 | 156745 - 03/31/09 466 MB TAR image
   md5sum: be96bc1696f4cef67755bfd2553ce233
 
   VMware Server 2 for Linux Operating Systems 64-bit version.
   Version 2.0.1 | 156745 - 03/31/09 434 MB RPM image
   md5sum: 697a792c70d50e98a347c06b323bd20b
 
   The core application needed to run VMware Server 2, 64-bit version.
   Version 2.0.1 | 156745 - 03/31/09 436 MB TAR image
   md5sum: f40498229772910d6a6788b7803f9c38
 
   VIX API 1.6 for Linux.
   Version 1.6.2 | 156745 - 03/31/09 17 MB TAR image
   md5sum: 2ef6174b90cdd9a2832b57dbe94cfbb1
 
   64-bit VIX API 1.6 for Linux.
   Version 1.6.2 | 156745 - 03/31/09 21 MB TAR image
   md5sum: 454aeba273f9a89c578223c95b262323
 

   VMware Server 1.0.9
   -------------------
   http://www.vmware.com/download/server/
   Release notes:
   http://www.vmware.com/support/server/doc/releasenotes_server.html
 
   VMware Server for Windows 32-bit and 64-bit
 
http://download3.vmware.com/software/vmserver/VMware-server-installer-1.0.9
- -156507.exe
   md5sum: 8c650f8a0a0521b69c6aba00d910cfb9
 
   VMware Server Windows client package
 
http://download3.vmware.com/software/vmserver/VMware-server-win32-client-1.
0.9-156507.zip
   md5sum: c83e673f7422a4f3edaf7d9337cf5d6d
 
   VMware Server for Linux
 
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.ta
r.gz
   md5sum: ff4b57588514c83b1a828e3b19843ad2
 
   VMware Server for Linux rpm
 
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.i3
86.rpm
   md5sum: c8fc9e9f948f2807b9f8bfb3ca318f36
 
   Management Interface
 
http://download3.vmware.com/software/vmserver/VMware-mui-1.0.9-156507.tar.g
z
   md5sum: dbf99faef8bd26e173cf2514d7bea449
 
   VMware Server Linux client package
 
http://download3.vmware.com/software/vmserver/VMware-server-linux-client-1.
0.9-156507.zip
   md5sum: 7e76a481408454a747bb4d076a6e2524
 
 
   VMware Fusion 2.0.4
   -------------------
   http://www.vmware.com/download/fusion
   Release notes:      
   http://www.vmware.com/support/fusion2/doc/releasenotes_fusion_204.html
   md5sum: 689eaf46746cdc89a595e0ef81b714b3
   sha1sum:46300075feb00df099d5272b984f762416d33791


   ESXi
   ----
   ESXi 3.5 patch ESXe350-200904201-O-SG
   http://download3.vmware.com/software/vi/ESXe350-200904201-O-SG.zip
   md5sum: 1f35c8bd1f00261cdea52db8b6b98eca
   http://kb.vmware.com/kb/1009853

   NOTES: The three ESXi patches for Firmware "I", VMware Tools "T,"
          and the VI Client "C" are contained in a single offline "O"
          download file.
 

   ESX
   ---
   ESX 3.5 patch ESX350-200904201-SG
   http://download3.vmware.com/software/vi/ESX350-200904201-SG.zip
   md5sum: 8ca2816aacf2436ce8b346861a553394
   http://kb.vmware.com/kb/1009852
 
   ESX 3.0.3 patch ESX303-200904403-SG
   http://download3.vmware.com/software/vi/ESX303-200904403-SG.zip
   md5sum: a81f96598b98e3d8216ebdfa9570f8a5
   http://kb.vmware.com/kb/1008422

   ESX 3.0.2 patch ESX-1008421
   http://download3.vmware.com/software/vi/ESX-1008421.tgz
   md5sum: 377d94ae3a756e627e7a6c9330d4369e
   http://kb.vmware.com/kb/1008421


5. References
 
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
 
 
6. Change log
 
2009-04-10  VMSA-2009-0006
Initial security advisory after release of Fusion 2.0.4 and ESX and ESXi
patches on 2009-04-10. Workstation 6.5.2, Player 2.5.2, ACE 2.5.2,
Server 1.0.9 and Server 2.0.1 were released on 2009-04-01.
 
- -----------------------------------------------------------------------
7. Contact
 
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
 
This Security Advisory is posted to the following lists:
 
  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk
 
E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
 
VMware Security Center
http://www.vmware.com/security
 
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
 
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
 
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
 
Copyright 2009 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFJ33IpS2KysvBH1xkRAnViAJ0W7icNieWVjx0/qfTyMi9qA3Ad2ACdFx3M
mPyl9WXQjPc3SJdz+kHJWng=
=rkNe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ