[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4D1125A9.5000309@vmware.com>
Date: Tue, 21 Dec 2010 14:09:45 -0800
From: VMware Security Team <security@...are.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: VMSA-2010-0020 VMware ESXi 4.1 Update Installer
SFCB Authentication Flaw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0020
Synopsis: VMware ESXi 4.1 Update Installer SFCB Authentication
Flaw
Issue date: 2010-12-21
Updated on: 2010-12-21
CVE numbers: CVE-2010-4573
- ------------------------------------------------------------------------
1. Summary
VMware ESXi 4.1 Update Installer might introduce a SFCB
Authentication Flaw.
2. Relevant releases
VMware ESXi 4.1 if upgraded from ESXi 3.5 or ESXi 4.0 with a modified
SFCB configuration file.
3. Problem Description
a. ESXi 4.1 Update Installer SFCB Authentication Flaw
Under certain conditions, the ESXi 4.1 installer that upgrades an
ESXi 3.5 or ESXi 4.0 host to ESXi 4.1 incorrectly handles the SFCB
authentication mode. The result is that SFCB authentication could
allow login with any username and password combination.
An ESXi 4.1 host is affected if all of the following apply:
- ESXi 4.1 was upgraded from ESXi 3.5 or ESXi 4.0.
- The SFCB configuration file /etc/sfcb/sfcb.cfg was modified prior
to the upgrade.
- The sfcbd daemon is running (sfcbd runs by default).
Workaround
A workaround that can be applied to ESXi 4.1 is described in VMware
Knowledge Base Article KB 1031761
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-4573 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi see KB 1031761 for workaround **
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX any ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** ESXi 4.1 is only affected if upgraded from ESXi 3.5 or ESXi 4.0
with a modified SFCB configuration file.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESXi 4.1
--------
Workaround described in VMware Knowledge Base Article KB 1031761
http://kb.vmware.com/kb/1031761
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4573
- ------------------------------------------------------------------------
6. Change log
2010-12-21 VMSA-2010-0020
Initial security advisory after release of VMware knowledge base article
that documents workaround on 2010-12-21.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAk0RJaQACgkQS2KysvBH1xk5gwCfeuwzOhjNuAQKDY/OGqVevkFk
yv4An04Kf4+MQr2Lxg1ObnrhblLZw280
=579r
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists