VMware Security Advisory – VMSA-2010-0003.1

Yet another couple of reissues form the VMware sercurity team today.

VMware Security Advisory – VMSA-2010-0003.1

Advisory ID: VMSA-2010-0003.1
Synopsis: ESX Service Console update for net-snmp
Issue date: 2010-02-16
Updated on: 2010-03-08
CVE numbers: CVE-2009-1887

1. Summary

Update for Service Console package net-snmp

2. Relevant releases

VMware ESX 3.5 without patch ESX350-201002401-SG
VMware ESX 3.0.3 without patch ESX303-201002202-SG

3. Problem Description

a. Service Console package net-snmp updated

This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.

This vulnerability was introduced by an incorrect fix for CVE-2008-4309.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1887 to this issue.

Note: After installing the previous patch for net-snmp (ESX350-200901409-SG), running the snmpbulkwalk command with the parameter -CnX results in no output, and the snmpd daemon stops.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware Product VMware Version Running on Replace with/Apply Patch
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-201002401-SG
ESX 3.0.3 ESX ESX303-201002202-SG
ESX 2.5.5 ESX not affected

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 3.5:

ESX350-201002401-SG
http://download3.vmware.com/software/vi/ESX350-201002401-SG.zip
md5sum: a91428cb6bc2da794f581aefd5eef010
http://kb.vmware.com/kb/1017660

ESX 3.0.3:

ESX303-201002202-SG
http://download3.vmware.com/software/vi/ESX303-201002202-UG.zip
md5sum: b111601ecb6978fbac40df2700d08fe2
http://kb.vmware.com/kb/1018027
5. References

CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887

6. Change log

2010-02-16  VMSA-2010-0003

Initial security advisory after release of patches for ESX 3.5 on 2010-02-16.

2010-03-08  VMSA-2010-0003.1

Update after release of ESX 3.0.3 Update 1 on 2010-03-08.

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com

PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc.  All rights reserved.