-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VMware Workstation and Player: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #193196
        ID: 200711-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

VMware guest operating systems might be able to execute arbitrary code
with elevated privileges on the host operating system through multiple
flaws.

Background
==========

VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is freeware virtualization software
that can run guests produced by other VMware products.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  vmware-workstation      < 6.0.1.55017            *>= 5.5.5.56455
                                                       >= 6.0.1.55017
  2  vmware-player           < 2.0.1.55017            *>= 1.0.5.56455
                                                       >= 2.0.1.55017
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in several VMware
products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
the DHCP server contains an integer overflow vulnerability
(CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
another error when handling malformed packets (CVE-2007-0061), leading
to stack-based buffer overflows or stack corruption. Rafal Wojtczuk
(McAfee) discovered two unspecified errors that allow authenticated
users with administrative or login privileges on a guest operating
system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
CVE-2007-4497). Another unspecified vulnerability related to untrusted
virtual machine images was discovered (CVE-2007-5617).

VMware products also shipped code copies of software with several
vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

Impact
======

Remote attackers within a guest system could possibly exploit these
vulnerabilities to execute code on the host system with elevated
privileges or to cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VMware Workstation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-5.5.5.56455"

All VMware Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/vmware-player-1.0.5.56455"

References
==========

  [ 1 ] CVE-2004-0813
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813
  [ 2 ] CVE-2006-3619
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
  [ 3 ] CVE-2006-4146
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
  [ 4 ] CVE-2006-4600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
  [ 5 ] CVE-2007-0061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061
  [ 6 ] CVE-2007-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
  [ 7 ] CVE-2007-0063
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063
  [ 8 ] CVE-2007-1716
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716
  [ 9 ] CVE-2007-4496
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496
  [ 10 ] CVE-2007-4497
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497
  [ 11 ] CVE-2007-5617
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617
  [ 12 ] GLSA-200606-02
         http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
  [ 13 ] GLSA-200702-06
         http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml
  [ 14 ] GLSA-200704-11
         http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
  [ 15 ] GLSA-200705-15
         http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
  [ 16 ] GLSA-200707-11
         http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml
  [ 17 ] VMSA-2007-0006
         http://lists.vmware.com/pipermail/security-announce/2007/000001.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQKq6uhJ+ozIKI5gRAvyzAJ4tIVlyg3li+eRhWJNDh4UhWVfmGACdEXK5
dbHI84sLa81gvPzWkm/TSZs=
=Lh0/
-----END PGP SIGNATURE-----