exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2007-0003

VMware Security Advisory 2007-0003
Posted Apr 5, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.

tags | advisory
advisories | CVE-2005-3011, CVE-2006-4810, CVE-2007-1270, CVE-2007-1271, CVE-2005-2096, CVE-2005-1849, CVE-2003-0107, CVE-2005-1704
SHA-256 | 00501d3613c989dc8596886834f4aebb712f92e614164602fc56e3fbe61fd121

VMware Security Advisory 2007-0003

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2007-0003
Synopsis: VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date: 2007-04-02
Updated on: 2007-04-02
CVE numbers: CVE-2005-3011 CVE-2006-4810 CVE-2007-1270
CVE-2007-1271 CVE-2005-2096 CVE-2005-1849
CVE-2003-0107 CVE-2005-1704
- -------------------------------------------------------------------

1. Summary:

ESX 3.0.1 and 3.0.0 patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patches ESX-2559638, ESX-1161870, ESX-3416571,
ESX-5011126, ESX-7737432, ESX-7780490, ESX-8174018, ESX-8852210,
ESX-9617902,
ESX-9916286

VMware ESX 3.0.0 without patches ESX-1121906, ESX-131737, ESX-1870154,
ESX-392718, ESX-4197945, ESX-4921691, ESX-5752668, ESX-7052426, ESX-3616065

3. Problem description:

Problems addressed by these patches:

a. texinfo service console update

Updated texinfo packages for the service console fix two security
vulnerabilities are now available. A buffer overflow in the the
program texinfo could allow local user to execute arbitrary code in
the service console via a crafted texinfo file. And could allow a
local user to overwrite arbitrary files via a symlink attack on
temporary files.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-3011 and CVE-2006-4810 to these
issues.

ESX 301 Download Patch ESX-2559638
ESX 300 Download Patch ESX-1121906

b. This bundle is a group of patches to resolve two possible security
issues.

They are as follows:
A VMware internal security audit revealed a double free condition.
It may be possible for an attacker to influence the operation of
the system. In most circumstances, this influence will be limited
to denial of service or information leakage, but it is
theoretically possible for an attacker to insert arbitrary code
into a running program. This code would be executed with the
permissions of the vulnerable program. There are no known exploits
for this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-1270 to this issue.

A VMware internal security audit revealed a potential buffer
overflow condition. There are no known vulnerabilities, but such
vulnerabilities may be used to elevate privileges or to crash the
application and thus cause a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-1271 to this issue.

The following patches are contained within this bundle:

ESX 301 ESX 300
------- --------
ESX-1161870 ESX-131737
ESX-3416571 ESX-1870154
ESX-5011126 ESX-392718
ESX-7737432 ESX-4197945
ESX-7780490 ESX-4921691
ESX-8174018 ESX-5752668
ESX-8852210 ESX-7052426
ESX-9617902 ESX-9976400

ESX 301 Download Patch Bundle ESX-6431040
ESX 300 Download Patch Bundle ESX-5754280

c. This patch updates internally used zlib libraries in order to
address potential security issues with older versions of this
library.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-2096, CVE-2005-1849, CVE-2003-0107
to these issues.

ESX 301 Download Patch ESX-9916286
ESX 300 Download Patch ESX-3616065

d. binutils service console update

NOTE: This vulnerability and update only apply to ESX 3.0.0.

A integer overflow in the Binary File Descriptor (BFD) library for
the GNU Debugger before version 6.3, binutils, elfutils, and
possibly other packages, allows user-assisted attackers to execute
arbitrary code via a crafted object file that specifies a large
number of section headers, leading to a heap-based buffer overflow.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1704 to this issue.

ESX 300 Download Patch ESX-55052

4. Solution:

Please review the Patch notes for your version of ESX and verify the
md5sum of your downloaded file.

ESX 3.0.1
https://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
md5sum 9ee9d9769dfe2668aa6a4be2df284ea6

https://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
md5sum ef6bc745b3d556e0736fd39b8ddc8087

https://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
md5sum 7b98cfe1b2e0613c368d4080dcacccb8

ESX 3.0.0
https://www.vmware.com/support/vi3/doc/esx-55052-patch.html
md5sum 8d45e36ec997707ebe68d84841026fef

https://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
md5sum 02c5bcccea156dd0db93177e5e3fab8b

https://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
md5sum 90e4face2edaab07080531a37a49ec01

https://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
md5sum 82b3c7e18dd1422f30c4aa9e477c6a27

5. References:

ESX 3.0.1

Patch URL:https://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
Patch URL:https://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
Patch URL:https://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
Knowledge base URL:https://kb.vmware.com/kb/2559638
Knowledge base URL:https://kb.vmware.com/kb/6431040
Knowledge base URL:https://kb.vmware.com/kb/9916286

ESX 3.0.0

Patch URL:https://www.vmware.com/support/vi3/doc/esx-55052-patch.html
Patch URL:https://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
Patch URL:https://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
Patch URL:https://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
Knowledge base URL:https://kb.vmware.com/kb/55052
Knowledge base URL:https://kb.vmware.com/kb/1121906
Knowledge base URL:https://kb.vmware.com/kb/3616065
Knowledge base URL:https://kb.vmware.com/kb/55052


CVE numbers

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704

6. Contact:

https://www.vmware.com/security

VMware Security Response Policy
https://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGFAiH6KjQhy2pPmkRCDhvAJ9IdzXG4Ino7NGYPnRvW5ZLFMdhRgCgk1Rr
bGpwMyFZk0OMLWyA/L8PODQ=
=MjIU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close