UPDATED VMSA-2015-0001.2 VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

------------------------------------------------------------------------
                  VMware Security Advisory

Advisory ID: VMSA-2015-0001.2
Synopsis:    VMware vCenter Server, ESXi, Workstation, Player, and Fusion
            updates address security issues
Issue date:  2015-01-27
Updated on:  2015-03-26
CVE number:  CVE-2014-8370, CVE-2015-1043, CVE-2015-1044

            --- OPENSSL---
            CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568

            --- libxml2 ---
            CVE-2014-3660
------------------------------------------------------------------------

1. Summary

  VMware vCenter Server, ESXi, Workstation, Player and Fusion address
  several security issues.

2. Relevant Releases

  VMware Workstation 10.x prior to version 10.0.5

  VMware Player 6.x prior to version 6.0.5

  VMware Fusion 7.x prior to version 7.0.1
  VMware Fusion 6.x prior to version 6.0.5

  vCenter Server 5.5 prior to Update 2d

  ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
  ESXi 5.1 without patch ESXi510-201404101-SG, ESXi510-201503101-SG
  ESXi 5.0 without patch ESXi500-201405101-SG, ESXi500-201502101-SG

3. Problem Description

  a. VMware ESXi, Workstation, Player, and Fusion host privilege
     escalation vulnerability

     VMware ESXi, Workstation, Player and Fusion contain an arbitrary
     file write issue. Exploitation this issue may allow for privilege
     escalation on the host.

     The vulnerability does not allow for privilege escalation from
     the guest Operating System to the host or vice-versa. This means
     that host memory can not be manipulated from the Guest Operating
     System.

     Mitigation

     For ESXi to be affected, permissions must have been added to ESXi
     (or a vCenter Server managing it) for a virtual machine
     administrator role or greater.

     VMware would like to thank Shanon Olsson for reporting this issue to
     us through JPCERT.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2014-8370 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product    Running   Replace with/
     Product        Version    on        Apply Patch
     =============  =======    =======   =================
     Workstation    11.x       any       not affected
     Workstation    10.x       any       10.0.5

     Player         7.x        any       not affected
     Player         6.x        any       6.0.5

     Fusion         7.x        any       not affected
     Fusion         6.x        any       6.0.5

     ESXi           5.5        ESXi      ESXi550-201403102-SG
     ESXi           5.1        ESXi      ESXi510-201404101-SG
     ESXi           5.0        ESXi      ESXi500-201405101-SG

  b. VMware Workstation, Player, and Fusion Denial of Service
     vulnerability

     VMware Workstation, Player, and Fusion contain an input
     validation issue in the Host Guest File System (HGFS).
     This issue may allow for a Denial of Service of the Guest
     Operating system.

     VMware would like to thank Peter Kamensky from Digital
     Security for reporting this issue to us.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-1043 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product    Running   Replace with/
     Product        Version    on        Apply Patch
     =============  =======    =======   =================
     Workstation    11.x       any       not affected
     Workstation    10.x       any       10.0.5

     Player         7.x        any       not affected
     Player         6.x        any       6.0.5

     Fusion         7.x        any       7.0.1
     Fusion         6.x        any       6.0.5

  c. VMware ESXi, Workstation, and Player Denial of Service
     vulnerability

     VMware ESXi, Workstation, and Player contain an input
     validation issue in VMware Authorization process (vmware-authd).
     This issue may allow for a Denial of Service of the host. On
     VMware ESXi and on Workstation running on Linux the Denial of
     Service would be partial.

     VMware would like to thank Dmitry Yudin < at >ret5et for reporting
     this issue to us through HP's Zero Day Initiative.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-1044 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product    Running   Replace with/
     Product        Version    on        Apply Patch
     =============  =======    =======   =================
     Workstation    11.x       any       not affected
     Workstation    10.x       any       10.0.5

     Player         7.x        any       not affected
     Player         6.x        any       6.0.5

     Fusion         7.x        any       not affected
     Fusion         6.x        any       not affected

     ESXi           5.5        ESXi      ESXi550-201501101-SG
     ESXi           5.1        ESXi      ESXi510-201410101-SG
     ESXi           5.0        ESXi      not affected

  d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1
     and 0.9.8 package

     The OpenSSL library is updated to version 1.0.1j or 0.9.8zc
     to resolve multiple security issues.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2014-3513, CVE-2014-3567,
     CVE-2014-3566 (ìPOODLEî) and CVE-2014-3568 to these issues.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product    Running   Replace with/
     Product        Version    on        Apply Patch
     =============  =======    =======   =================
     vCenter Server 5.5        any       Update 2d*
     vCenter Server 5.1        any       patch pending
     vCenter Server 5.0        any       patch pending

     ESXi           5.5        ESXi      ESXi550-201501101-SG
     ESXi           5.1        ESXi      ESXi510-201503101-SG
     ESXi           5.0        ESXi      ESXi500-201502101-SG

     * The VMware vCenter 5.5 SSO component will be updated
       in a later release.

  e. Update to ESXi libxml2 package

     The libxml2 library is updated to version libxml2-2.7.6-17
     to resolve a security issue.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2014-3660 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware         Product    Running   Replace with/
     Product        Version    on        Apply Patch
     =============  =======    =======   =================
     ESXi           5.5        ESXi      ESXi550-201501101-SG
     ESXi           5.1        ESXi      ESXi510-201503101-SG
     ESXi           5.0        ESXi      patch pending

4. Solution

  Please review the patch/release notes for your product and
  version and verify the checksum of your downloaded file.

  VMware Workstation 10.x
  --------------------------------
  https://www.vmware.com/go/downloadworkstation

  VMware Player 6.x
  --------------------------------
  https://www.vmware.com/go/downloadplayer

  VMware Fusion 7.x and 6.x
  --------------------------------
  https://www.vmware.com/go/downloadplayer

  vCenter Server
  ----------------------------
  Downloads and Documentation:
  https://www.vmware.com/go/download-vsphere

  ESXi 5.5 Update 2d
  ----------------------------
  File: update-from-esxi5.5-5.5_update01.zip
  md5sum: 5773844efc7d8e43135de46801d6ea25
  sha1sum: 6518355d260e81b562c66c5016781db9f077161f
  http://kb.vmware.com/kb/2065832
  update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

  ESXi 5.5
  ----------------------------
  File: ESXi550-201501001.zip
  md5sum: b0f2edd9ad17d0bae5a11782aaef9304
  sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1
  http://kb.vmware.com/kb/2099265
  ESXi550-201501001.zip contains ESXi550-201501101-SG

  ESXi 5.1
  ----------------------------
  File: ESXi510-201404001.zip
  md5sum: 9dc3c9538de4451244a2b62d247e52c4
  sha1sum: 2e052145f1697a781148e9866438a47c9cbd7ea9
  http://kb.vmware.com/kb/2070666
  ESXi510-201404001 contains ESXi510-201404101-SG


  ESXi 5.1
  ----------------------------
  File: ESXi510-201503001.zip
  md5sum: 696360824ce098115f9fdba678391c3a
  sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66
  http://kb.vmware.com/kb/2099286
  ESXi510-201503001 contains ESXi510-201503001-SG


  ESXi 5.0
  ----------------------------
  File: ESXi500-201405001.zip
  md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d
  sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5
  http://kb.vmware.com/kb/2075521
  ESXi500-201405001 contains  ESXi500-201405101-SG

  ESXi 5.0
  ----------------------------
  File: ESXi500-201502001.zip
  md5sum: 0e81d3c7702d6f08c1a5ebe743c8c42b
  sha1sum: 6f16a03f413c1af4db3e181c2ccd6aa01141035d
  http://kb.vmware.com/kb/2101910
  ESXi500-201502001 contains ESXi500-201502101-SG

5. References

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

------------------------------------------------------------------------

6. Change log

  2015-01-27 VMSA-2015-0001
  Initial security advisory in conjunction with the release of VMware
  Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d
  and, ESXi 5.5 Patches released on 2015-01-27.

  2015-02-26 VMSA-2015-0001.1
  Updated security advisory in conjunction with the release
  of VMware ESXi 5.0 Patches released on 2015-02-26.

  2015-03-26 VMSA-2015-0001.2
  Updated security advisory in conjunction with the release
  of VMware ESXi 5.1 Patches released on 2015-03-26.


------------------------------------------------------------------------

7. Contact

  E-mail list for product security notifications and announcements:
  http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

  This Security Advisory is posted to the following lists:

   security-announce at lists.vmware.com
   bugtraq at securityfocus.com
   fulldisclosure at seclists.org

  E-mail: security at vmware.com
  PGP key at: http://kb.vmware.com/kb/1055

  VMware Security Advisories
  http://www.vmware.com/security/advisories

  Consolidated list of VMware Security Advisories
  http://kb.vmware.com/kb/2078735

  VMware Security Response Policy
  https://www.vmware.com/support/policies/security_response.html

  VMware Lifecycle Support Phases
  https://www.vmware.com/support/policies/lifecycle.html

  Twitter
  https://twitter.com/VMwareSRC

  Copyright 2015 VMware Inc.  All rights reserved.


_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce

Leave a Reply