UPDATED VMSA-2015-0007.1 VMware vCenter and ESXi updates address critical security issues

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0007.1
Synopsis:    VMware vCenter and ESXi updates address critical security
             issues

Issue date:  2015-10-01
Updated on:  2015-10-06
CVE number:  CVE-2015-5177 CVE-2015-2342 CVE-2015-1047
------------------------------------------------------------------------

1. Summary

   VMware vCenter and ESXi updates address critical security issues.


2. Relevant Releases

   VMware ESXi 5.5 without patch ESXi550-201509101
   VMware ESXi 5.1 without patch ESXi510-201510101
   VMware ESXi 5.0 without patch ESXi500-201510101

   VMware vCenter Server 6.0 prior to version 6.0 update 1
   VMware vCenter Server 5.5 prior to version 5.5 update 3
   VMware vCenter Server 5.1 prior to version 5.1 update u3b
   VMware vCenter Server 5.0 prior to version 5.0 update u3e


3. Problem Description

   a. VMWare ESXi OpenSLP Remote Code Execution

      VMware ESXi contains a double free flaw in OpenSLP's
      SLPDProcessMessage() function. Exploitation of this issue may
      allow an unauthenticated attacker to remotely execute code on
      the ESXi host.

      VMware would like to thank Qinghao Tang of QIHU 360 for reporting
      this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-5177 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

        VMware          Product  Running   Replace with/
        Product         Version  on        Apply Patch
        ====================  =======   =================
        ESXi            6.0       ESXi      not affected
        ESXi            5.5       ESXi      ESXi550-201509101 *
        ESXi            5.1       ESXi      ESXi510-201510101
        ESXi            5.0       ESXi      ESXi500-201510101

        * Customers who have installed the complete set of ESXi 5.5 U3
        Bulletins, please review VMware KB 2133118. KB 2133118 documents
        a known non-security issue and provides a solution.

   b. VMware vCenter Server JMX RMI Remote Code Execution

      VMware vCenter Server contains a remotely accessible JMX RMI
      service that is not securely configured. An unauthenticated remote
      attacker that is able to connect to the service may be able use it
      to execute arbitrary code on the vCenter server.

      VMware would like to thank Doug McLeod of 7 Elements Ltd and an
      anonymous researcher working through HP's Zero Day Initiative for
      reporting this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-2342 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                        Product    Running   Replace with/
      Product                       Version    on        Apply Patch
      =============                 =======    =======   ===============
      VMware vCenter Server         6.0        Any       6.0 u1
      VMware vCenter Server         5.5        Any       5.5 u3
      VMware vCenter Server         5.1        Any       5.1 u3b
      VMware vCenter Server         5.0        Any       5.0 u3e

   c. VMware vCenter Server vpxd denial-of-service vulnerability

      VMware vCenter Server does not properly sanitize long heartbeat
      messages. Exploitation of this issue may allow an unauthenticated
      attacker to create a denial-of-service condition in the vpxd
      service.

      VMware would like to thank the Google Security Team for reporting
      this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-1047 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                         Product    Running   Replace with/
      Product                        Version    on        Apply Patch
      =============                  =======    =======   ==============
      VMware vCenter Server          6.0        Any       not affected
      VMware vCenter Server          5.5        Any       5.5u2
      VMware vCenter Server          5.1        Any       5.1u3
      VMware vCenter Server          5.0        Any       5.0u3e


4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   ESXi
   --------------------------------
   Downloads:
   https://www.vmware.com/patchmgr/findPatch.portal

   Documentation:
   http://kb.vmware.com/kb/2110247
   http://kb.vmware.com/kb/2114875
   http://kb.vmware.com/kb/2120209

   vCenter Server
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047

   http://kb.vmware.com/kb/2133118

------------------------------------------------------------------------

6. Change log

   2015-10-06 VMSA-2015-0007.1
   Updated security advisory in conjunction with the release of ESXi 5.5
   U3a on 2015-10-06. Added a note to section 3.a to alert customers to
   a non-security issue in ESXi 5.5 U3 that is addressed in ESXi 5.5 U3a.

   2015-10-01 VMSA-2015-0007
   Initial security advisory in conjunction with ESXi 5.0, 5.1 patches
   and VMware vCenter Server 5.1 u3b, 5.0 u3e on 2015-10-01.


------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.
_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce

Leave a Reply