--------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0005.3
Synopsis: VMware product updates address critical and important
security issues
Issue date: 2016-05-17
Updated on: 2016-06-03
CVE number: CVE-2016-3427, CVE-2016-2077
------------------------------------------------------------------------
1. Summary
VMware product updates address critical and important
security issues.
2. Relevant Releases
vCenter Server 6.0 on Windows without workaround of KB 2145343
vCenter Server 6.0 on Linux (VCSA) prior to 6.0.0b
vCenter Server 5.5 prior to 5.5 U3d (on Windows), 5.5 U3 (VCSA)
vCenter Server 5.1 prior to 5.1 U3b
vCenter Server 5.0 prior to 5.0 U3e
vCloud Director prior to 8.0.1.1
vCloud Director prior to 5.6.5.1
vCloud Director prior to 5.5.6.1
vSphere Replication prior to 6.1.1
vSphere Replication prior to 6.0.0.3
vSphere Replication prior to 5.8.1.2
vSphere Replication prior to 5.6.0.6
vRealize Operations Manager 6.x (non-appliance version)
vRealize Infrastructure Navigator prior to 5.8.6
VMware Workstation prior to 11.1.3
VMware Player prior to 7.1.3
3. Problem Description
a. Critical JMX issue when deserializing authentication credentials
The RMI server of Oracle JRE JMX deserializes any class when
deserializing authentication credentials. This may allow a remote,
unauthenticated attacker to trigger deserialization flaws and execute
commands of their choosing.
Workarounds for CVE-2016-3427
vCenter Server
Apply the steps of VMware Knowledge Base article 2145343 to vCenter
Server 6.0 on Windows. See the table below for the specific vCenter
Server 6.0 versions on Windows this applies to.
vCloud Director
No workaround identified
vSphere Replication
No workaround identified
vRealize Operations Manager (non-appliance)
The non-appliance version of vRealize Operations Manager (vROps),
which can be installed on Windows and Linux, has no default
firewall. To remove the possibility of remote exploitation,
access to the following external ports must be blocked on
the system where the non-appliance version of vROps is installed:
- vROps 6.2.x: ports 9004, 9005, 9006, 9007, 9008
- vROps 6.1.x: ports 9004, 9005, 9007, 9008
- vROps 6.0.x: ports 9004, 9005
Note: These ports are already blocked by default in the appliance
version of vROps.
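One way to confirm the vROps workaround from a second machine on the network the firewall is meant to protect against (an added example, not part of the VMware advisory; the function names and command-line usage are assumptions, the port lists are the ones given above):

```python
import socket
import sys

# Ports listed in the advisory's vROps workaround, keyed by release line.
VROPS_PORTS = {
    "6.2": (9004, 9005, 9006, 9007, 9008),
    "6.1": (9004, 9005, 9007, 9008),
    "6.0": (9004, 9005),
}

def ports_for(version):
    """Map a version string such as '6.1.0' to the advisory's port list."""
    key = ".".join(version.strip().split(".")[:2])
    if key not in VROPS_PORTS:
        raise ValueError(f"no port list in the advisory for vROps {version!r}")
    return VROPS_PORTS[key]

def probe(host, port, timeout=2.0):
    """Return 'open' (handshake completed), 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable, or name resolution failure
        return "filtered"

def audit(host, version, ports=None, timeout=2.0):
    """Probe every port the workaround names; ports= overrides the list."""
    targets = ports_for(version) if ports is None else ports
    return {port: probe(host, port, timeout) for port in targets}

def workaround_effective(results):
    """The workaround holds from this vantage point if no port accepts."""
    return all(state != "open" for state in results.values())

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_vrops_ports.py HOST VERSION  (e.g. 6.1.0)")
    results = audit(sys.argv[1], sys.argv[2])
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    sys.exit(0 if workaround_effective(results) else 1)
```

A result of "open" on any listed port means the firewall rule is missing or does not cover the path the check was run from.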
vRealize Infrastructure Navigator
No workaround identified
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-3427 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware                    Product    Running   Replace with/
Product                   Version    on        Apply Patch
======================    =========  =======   =============
vCenter Server            6.0        Windows   6.0.0b + KB 2145343 *
vCenter Server            6.0        Linux     6.0.0b
vCenter Server            5.5        Windows   (5.5 U3b + KB 2144428 **)
                                               or 5.5 U3d
vCenter Server            5.5        Linux     5.5 U3
vCenter Server            5.1        Windows   (5.1 U3b + KB 2144428 **)
                                               or 5.1 U3d
vCenter Server            5.1        Linux     5.1 U3b
vCenter Server            5.0        Windows   5.0 U3e + KB 2144428 **
vCenter Server            5.0        Linux     5.0 U3e
vCloud Director           8.0.x      Linux     8.0.1.1
vCloud Director           5.6.x      Linux     5.6.5.1
vCloud Director           5.5.x      Linux     5.5.6.1
vSphere Replication       6.1.x      Linux     6.1.1 ***
vSphere Replication       6.0.x      Linux     6.0.0.3 ***
vSphere Replication       5.8.x      Linux     5.8.1.2 ***
vSphere Replication       5.6.x      Linux     5.6.0.6 ***
vROps (non-appliance)     6.x        All       Apply workaround
vROps (appliance)         6.x        Linux     Not affected
vRealize Infrastructure   5.8.x      All       5.8.6
Navigator
* Remote and local exploitation is feasible on vCenter Server 6.0 and
6.0.0a for Windows. Remote exploitation is not feasible on vCenter
Server 6.0.0b (and above) for Windows but local exploitation is. The
local exploitation possibility can be removed by applying the steps
of KB 2145343 to vCenter Server 6.0.0b (and above) for Windows.
** See VMSA-2015-0007 for details.
vCenter Server 5.5 U3d and 5.1 U3d running on Windows address
CVE-2016-3427 without the need to install the additional patch
of KB 2144428 documented in VMSA-2015-0007.
*** vSphere Replication is affected if its vCloud Tunneling Agent
is running, which is not enabled by default. This agent is used
in environments that replicate data between the cloud and an
on-premise datacenter.
b. Important VMware Workstation and Player for Windows host privilege
escalation vulnerability.
VMware Workstation and Player for Windows do not properly reference
one of their executables. This may allow a local attacker on the host
to elevate their privileges.
VMware would like to thank Andrew Smith of Sword & Shield Enterprise
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2016-2077 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware                Product   Running   Replace with/
Product               Version   on        Apply Patch
==================    =======   =======   =================
VMware Workstation    12.x      any       not affected
VMware Workstation    11.x      Windows   11.1.3
VMware Workstation    11.x      Linux     not affected
VMware Player         8.x       any       not affected
VMware Player         7.x       Windows   7.1.3
VMware Player         7.x       Linux     not affected
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
vCenter Server
--------------
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
vCloud Director
---------------
Downloads and Documentation:
https://www.vmware.com/go/download/vcloud-director
vSphere Replication
-------------------
Downloads and Documentation:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR611
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR6003
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5812
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5606
https://www.vmware.com/support/pubs/vsphere-replication-pubs.html
vRealize Infrastructure Navigator
---------------------------------
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIN_586&productId=542&rPId=11127
VMware Workstation
-------------------------
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
VMware Player
-------------
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077
VMware Security Advisory VMSA-2015-0007
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
VMware Knowledge Base article 2145343
kb.vmware.com/kb/2145343
VMware Knowledge Base article 2144428
kb.vmware.com/kb/2144428
------------------------------------------------------------------------
6. Change log
2016-05-17 VMSA-2016-0005
Initial security advisory in conjunction with the release of VMware
vCloud Director 8.0.1.1, 5.6.5.1, and 5.5.6.1, and vSphere
Replication 6.0.0.3, 5.8.1.2, and 5.6.0.6 on 2016-05-17.
2016-05-24 VMSA-2016-0005.1
Updated security advisory in conjunction with the release of vSphere
5.1 U3d on 2016-05-24. vCenter Server 5.1 U3d running on
Windows addresses CVE-2016-3427 without the need to install the
additional patch.
2016-05-27 VMSA-2016-0005.2
Updated security advisory in conjunction with the release of vSphere
Replication 6.1.1 on 2016-05-26.
2016-06-03 VMSA-2016-0005.3
Updated security advisory in conjunction with the release of vRealize
Infrastructure Navigator 5.8.6 on 2016-06-02
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2016 VMware Inc. All rights reserved.
Monthly Archives: June 2016
WordPress Realia 0.8.5 Cross Site Scripting
WordPress Realia plugin version 0.8.5 suffers from a cross site scripting vulnerability.
Have you ever suspected that Facebook is listening to your conversations through Microphone?
Have you ever felt Facebook is showing you very relevant ads about topics you’re only discussing around your phone?
If yes, then you may find this news worth reading.
Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are
NTP Patches Flaws That Enable DDoS
The network time protocol was updated to ntp-4.2.8p8, patching a handful of vulnerabilities that can be leveraged in DDoS attacks.
Do you know the social sites your tweens and teens are using?
We help you recognize popular social sites where your pre-teens and teenagers hang out.
Facebook may be the number one stop for your teenager, but it’s not the only social media platform that’s popular. Seven out of 10 teenagers report that they use more than one social site to communicate with their friends and meet strangers. Here’s a rundown of the most frequently used social media platforms among teens. For now.
Threatpost News Wrap, June 13, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the back and forth around whether or not TeamViewer was hacked, the fallout around the years-old MySpace and Tumblr breaches, and a 90K Windows zero day.
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
Original release date: June 03, 2016
The Network Time Foundation’s NTP Project has released version ntp-4.2.8p8 to address multiple vulnerabilities in ntpd. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
Users and administrators are encouraged to review Vulnerability Note VU#321640 and the NTP Security Notice Page for vulnerability and mitigation details.
CVE-2015-8872 (dosfstools, leap, opensuse, ubuntu_linux)
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an “off-by-two error.”
CVE-2016-0363
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2016-0376
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
