VMware Security Advisory – VMSA-2015-0001.2

I have not done any of these for a while, so here we go, this is a catch all advisory to close down an number of vulnerabilities,  the original advisory was released in january and this one adds a couple of new products that have been patched.  if your product is down as having an available patch, then update to close down the risk

 

Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
Issue date: 2015-01-27
Updated on: 2015-03-26
CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044— OPENSSL—CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568

— libxml2 —

CVE-2014-3660

  1. Summary

VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

 

  1. Relevant Releases

VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1
VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG, ESXi510-201503101-SG
ESXi 5.0 without patch ESXi500-201405101-SG, ESXi500-201502101-SG

 

  1. Problem Description

a:  VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host.

The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System.

Mitigation

For ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater.

VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/ Apply Patch
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any 6.0.5
ESXi 5.5 ESXi ESXi550-201403102-SG
ESXi 5.1 ESXi ESXi510-201404101-SG
ESXi 5.0 ESXi ESXi500-201405101-SG

b: VMware Workstation, Player, and Fusion Denial of Service vulnerability

VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system.

VMware would like to thank Peter Kamensky from Digital Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/ Apply Patch
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any 7.0.1
Fusion 6.x any 6.0.5

 

c: VMware ESXi, Workstation, and Player Denial of Service vulnerability

VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial.

VMware would like to thank Dmitry Yudin @ret5et for reporting this issue to us through HP’s Zero Day Initiative.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/ Apply Patch
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any not affected
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201410101-SG
ESXi 5.0 ESXi not affected

 

d: Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package

The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 (ìPOODLEî) and CVE-2014-3568 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each lease, if a solution is available.

VMware Product Product Version Running on Replace with/ Apply Patch
vCenter Server 5.5 any Update 2d*
vCenter Server 5.1 any Patch pending
vCenter Server 5.0 any Patch pending
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201503101-SG
ESXi 5.0 ESXi ESXi500-201502101-SG

* The VMware vCenter 5.5 SSO component will be updated in a later release.

e: Update to ESXi libxml2 package

The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/ Apply Patch
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201503101-SG
ESXi 5.0 ESXi Patch pending
  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workstation 10.x:- https://www.vmware.com/go/downloadworkstation

VMware Player 6.x:- https://www.vmware.com/go/downloadplayer

VMware Fusion 7.x and 6.x:- https://www.vmware.com/go/downloadplayer

 

vCenter Server

Downloads and Documentation:- https://www.vmware.com/go/download-vsphere

 

ESXi 5.5 Update 2d

File: update-from-esxi5.5-5.5_update01.zip

md5sum: 5773844efc7d8e43135de46801d6ea25

sha1sum: 6518355d260e81b562c66c5016781db9f077161f

http://kb.vmware.com/kb/2065832

update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

 

ESXi 5.5

File: ESXi550-201501001.zip

md5sum: b0f2edd9ad17d0bae5a11782aaef9304

sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1

http://kb.vmware.com/kb/2099265

ESXi550-201501001.zip contains ESXi550-201501101-SG

 

ESXi 5.1

File: ESXi510-201404001.zip

md5sum: 9dc3c9538de4451244a2b62d247e52c4

sha1sum: 2e052145f1697a781148e9866438a47c9cbd7ea9

http://kb.vmware.com/kb/2070666

ESXi510-201404001 contains ESXi510-201404101-SG

 

ESXi 5.1

File: ESXi510-201503001.zip

md5sum: 696360824ce098115f9fdba678391c3a

sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66

http://kb.vmware.com/kb/2099286

ESXi510-201503001 contains ESXi510-201503001-SG

 

ESXi 5.0

File: ESXi500-201405001.zip

md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d

sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5

http://kb.vmware.com/kb/2075521

ESXi500-201405001 contains ESXi500-201405101-SG

 

ESXi 5.0

File: ESXi500-201502001.zip

md5sum: 0e81d3c7702d6f08c1a5ebe743c8c42b

sha1sum: 6f16a03f413c1af4db3e181c2ccd6aa01141035d

http://kb.vmware.com/kb/2101910

ESXi500-201502001 contains ESXi500-201502101-SG

 

  1. References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

 

  1. Change log

 

2015-01-27 VMSA-2015-0001

Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27.

2015-02-26 VMSA-2015-0001.1

Updated security advisory in conjunction with the release of VMware ESXi 5.0 Patches released on 2015-02-26.

2015-03-26 VMSA-2015-0001.2

Updated security advisory in conjunction with the release of VMware ESXi 5.1 Patches released on 2015-03-26.

 

  1. Contact

 

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • fulldisclosure at seclists.org

E-mail: security at vmware.com

PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories

http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories

http://kb.vmware.com/kb/2078735

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

Twitter

https://twitter.com/VMwareSRC

Copyright 2015 VMware Inc. All rights reserved.

%d bloggers like this: