NEW: VMSA-2015-0001 – VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0001
Synopsis:    VMware vCenter Server, ESXi, Workstation, Player, and Fusion
             updates address security issues
Issue date:  2015-01-27
Updated on:  2015-01-27 (Initial Advisory)
CVE number:  CVE-2014-8370, CVE-2015-1043, CVE-2015-1044

             --- OPENSSL---
             CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568

             --- libxml2 ---
             CVE-2014-3660
- ------------------------------------------------------------------------

1. Summary

   VMware vCenter Server, ESXi, Workstation, Player and Fusion address
   several security issues.
 
2. Relevant Releases

   VMware Workstation 10.x prior to version 10.0.5
  
   VMware Player 6.x prior to version 6.0.5

   VMware Fusion 7.x prior to version 7.0.1
   VMware Fusion 6.x prior to version 6.0.5

   vCenter Server 5.5 prior to Update 2d

   ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
   ESXi 5.1 without patch ESXi510-201404101-SG
   ESXi 5.0 without patch ESXi500-201405101-SG

3. Problem Description 

   a. VMware ESXi, Workstation, Player, and Fusion host privilege
      escalation vulnerability

      VMware ESXi, Workstation, Player and Fusion contain an arbitrary 
      file write issue. Exploitation this issue may allow for privilege
      escalation on the host. 

      The vulnerability does not allow for privilege escalation from 
      the guest Operating System to the host or vice-versa. This means
      that host memory can not be manipulated from the Guest Operating
      System.

      Mitigation
      
      For ESXi to be affected, permissions must have been added to ESXi
      (or a vCenter Server managing it) for a virtual machine 
      administrator role or greater.

      VMware would like to thank Shanon Olsson for reporting this issue to
      us through JPCERT.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2014-8370 to this issue. 

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.

      VMware         Product    Running   Replace with/
      Product        Version    on        Apply Patch
      =============  =======    =======   =================
      Workstation    11.x       any       not affected
      Workstation    10.x       any       10.0.5

      Player         7.x        any       not affected
      Player         6.x        any       6.0.5

      Fusion         7.x        any       not affected
      Fusion         6.x        any       6.0.5

      ESXi           5.5        ESXi      ESXi550-201403102-SG
      ESXi           5.1        ESXi      ESXi510-201404101-SG 
      ESXi           5.0        ESXi      ESXi500-201405101-SG

   b. VMware Workstation, Player, and Fusion Denial of Service 
      vulnerability

      VMware Workstation, Player, and Fusion contain an input validation 
      issue in the Host Guest File System (HGFS). This issue may allow
      for a Denial of Service of the Guest Operating system. 

      VMware would like to thank Peter Kamensky from Digital Security for 
      reporting this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-1043 to this issue. 

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.

      VMware         Product    Running   Replace with/
      Product        Version    on        Apply Patch
      =============  =======    =======   =================
      Workstation    11.x       any       not affected
      Workstation    10.x       any       10.0.5

      Player         7.x        any       not affected
      Player         6.x        any       6.0.5

      Fusion         7.x        any       7.0.1
      Fusion         6.x        any       6.0.5

   c. VMware ESXi, Workstation, and Player Denial of Service 
      vulnerability

      VMware ESXi, Workstation, and Player contain an input
      validation issue in VMware Authorization process (vmware-authd).
      This issue may allow for a Denial of Service of the host. On 
      VMware ESXi and on Workstation running on Linux the Denial of
      Service would be partial.

      VMware would like to thank Dmitry Yudin < at >ret5et for reporting
      this issue to us through HP's Zero Day Initiative.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-1044 to this issue. 

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.

      VMware         Product    Running   Replace with/
      Product        Version    on        Apply Patch
      =============  =======    =======   =================
      Workstation    11.x       any       not affected
      Workstation    10.x       any       10.0.5

      Player         7.x        any       not affected
      Player         6.x        any       6.0.5

      Fusion         7.x        any       not affected
      Fusion         6.x        any       not affected

      ESXi           5.5        ESXi      ESXi550-201501101-SG
      ESXi           5.1        ESXi      ESXi510-201410101-SG
      ESXi           5.0        ESXi      not affected

   d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 
      and 0.9.8 package

      The OpenSSL library is updated to version 1.0.1j or 0.9.8zc
      to resolve multiple security issues.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2014-3513, CVE-2014-3567, 
      CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware         Product    Running   Replace with/
      Product        Version    on        Apply Patch
      =============  =======    =======   =================
      vCenter Server 5.5        any       Update 2d*
      vCenter Server 5.1        any       patch pending
      vCenter Server 5.0        any       patch pending

      ESXi           5.5        ESXi      ESXi550-201501101-SG       
      ESXi           5.1        ESXi      patch pending
      ESXi           5.0        ESXi      patch pending

      * The VMware vCenter 5.5 SSO component will be 
        updated in a later release
  
   e. Update to ESXi libxml2 package

      The libxml2 library is updated to version libxml2-2.7.6-17
      to resolve a security issue.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2014-3660 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware         Product    Running   Replace with/
      Product        Version    on        Apply Patch
      =============  =======    =======   =================
      ESXi           5.5        ESXi      ESXi550-201501101-SG     
      ESXi           5.1        ESXi      patch pending
      ESXi           5.0        ESXi      patch pending
     
4. Solution

   Please review the patch/release notes for your product and 
   version and verify the checksum of your downloaded file. 

   VMware Workstation 10.x
   -------------------------------- 
   https://www.vmware.com/go/downloadworkstation 

   VMware Player 6.x
   --------------------------------     
   https://www.vmware.com/go/downloadplayer 

   VMware Fusion 7.x and 6.x
   --------------------------------     
   https://www.vmware.com/go/downloadplayer 

   vCenter Server
   ----------------------------
   Downloads and Documentation: 
   https://www.vmware.com/go/download-vsphere 

   ESXi 5.5 Update 2d
   ----------------------------
   File: update-from-esxi5.5-5.5_update01.zip
   md5sum: 5773844efc7d8e43135de46801d6ea25
   sha1sum: 6518355d260e81b562c66c5016781db9f077161f
   http://kb.vmware.com/kb/2065832
   update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

   ESXi 5.5
   ----------------------------
   File: ESXi550-201501001.zip
   md5sum: b0f2edd9ad17d0bae5a11782aaef9304
   sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1
   http://kb.vmware.com/kb/2099265
   ESXi550-201501001.zip contains ESXi550-201501101-SG

   ESXi 5.1
   ----------------------------
   File: ESXi510-201404001.zip
   md5sum: 9dc3c9538de4451244a2b62d247e52c4
   sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66
   http://kb.vmware.com/kb/2070666
   ESXi510-201404001 contains ESXi510-201404101-SG

   ESXi 5.0
   ----------------------------
   File: ESXi500-201405001.zip
   md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d
   sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5
   http://kb.vmware.com/kb/2075521
   ESXi500-201405001 contains  ESXi500-201405101-SG
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

- ------------------------------------------------------------------------

6. Change log

   2015-01-27 VMSA-2015-0001
   Initial security advisory in conjunction with the release of VMware
   Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d
   and, ESXi 5.5 Patches released on 2015-01-27.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
 
   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFUyAAUDEcm8Vbi9kMRAqJ1AKC7Lunm2bkxAO7cNCVrGIjKj0sA2ACfaiXz
Sr3Q15TFOOR5wos4xdhR3OI=
=3DtZ
-----END PGP SIGNATURE-----

Leave a Reply