VMware Security Advisory:- VMSA-2011-0010

Not had one of these in a while. and with the release of vSphere 5 the amount that come will diminish, as we all know that the vast majority of Security Advisories are ESX based.

Synopsis: VMware ESX third party updates for Service Console packages glibc and dhcp
Issue date 2011-07-28
Updated on 2011-07-28 (initial release of advisory)
CVE numbers CVE-2010-0296 CVE-2011-0536 CVE-2011-0997 CVE-2011-1071 CVE-2011-1095

1. Summary

ESX Service Console OS (COS) updates to remediate vulnerabilities in glibc and dhcp.

2. Relevant releases

ESX 4.1 without patches ESX410-201107405-SG and ESX410-201107406-SG.

3. Problem Description

a. Service Console update for DHCP

The DHCP client daemon, dhclient, does not properly sanatize certain options in DHCP server replies. An attacker could send a specially crafted DHCP server reply, that is saved on the client system and evaluated by a process that assumes the option is trusted. This could lead to arbitrary code execution with the privileges of the evaluating process.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0997 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/Apply Patch
vCenter any Windows not affected
hosted* any any not affected
ESXi any any not affected
ESX 4.1 ESX ESX410-201107405-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX affected, no patch planned

* hosted products are VMware Workstation, Player, ACE, Fusion.

b. Service Console update for glibc

This patch updates the glibc package for ESX service console to glibc-2.5-58.el5_6.2. This fixes multiple security issues in glibc, glibc-common and nscd including possible local privilege escalation.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2010-0296, CVE-2011-0536, CVE-2011-0997 and CVE-2011-1071 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/Apply Patch
vCenter any Windows not affected
hosted* any any not affected
ESXi any any not affected
ESX 4.1 ESX ESX410-201107406-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX affected, no patch planned

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware ESX 4.1

ESX410-201107001

Download link:

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-285-20110719-831016/ESX410-201107001.zip
md5sum: 5db911b51bd45fa4fbd710cf2111c20e
sha1sum: 6b1ca691133b56b74f12cecac6409062c5d1efbf
http://kb.vmware.com/kb/2000612
ESX410-201107001 contains ESX410-201107405-SG and ESX410-201107406-SG.

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095

6. Change log

2011-07-28 VMSA-2011-0010
Initial security advisory in conjunction with the release of ESX 4.1 patches on 2011-07-28.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.