[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0007
Synopsis:          VMware ESXi and ESX Denial of Service and third party
                   updates for Likewise components and ESX Service
                   Console
Issue date:        2011-04-28
Updated on:        2011-04-28
CVE numbers:       CVE-2011-1785 CVE-2011-1786 CVE-2010-1324
                   CVE-2010-1323 CVE-2010-4020 CVE-2010-4021
                   CVE-2010-2240
- ------------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX could encounter a socket exhaustion situation
   which may lead to a denial of service. Updates to Likewise components
   and to the ESX Service Console address security vulnerabilities.

2. Relevant releases

   VMware ESXi 4.1 without patch ESXi410-201104401-SG.
   VMware ESXi 4.0 without patch ESXi400-201104401-SG.

   VMware ESX 4.1 without patch ESX410-201104401-SG.
   VMware ESX 4.0 without patch ESX400-201104401-SG.

3. Problem Description

  a. ESX/ESXi Socket Exhaustion
 
   By sending malicious network traffic to an ESXi or ESX host an
   attacker could exhaust the available sockets which would prevent
   further connections to the host. In the event a host becomes
   inaccessible its virtual machines will continue to run and have
   network connectivity but a reboot of the ESXi or ESX host may be
   required in order to be able to connect to the host again.

   ESXi and ESX hosts may intermittently lose connectivity caused by
   applications that do not correctly close sockets. If this occurs an
   error message similar to the following may be written to the vpxa
   log:
   
       socket() returns -1 (Cannot allocate memory)

    An error message similar to the following may be written to the
    vmkernel logs:

       socreate(type=2, proto=17) failed with error 55

    VMware would like to thank Jimmy Scott at inet-solutions.be for
    reporting this issue to us.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
    assigned the name CVE-2011-1785 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           4.1       ESXi     ESXi410-201104401-SG
    ESXi           4.0       ESXi     ESXi400-201104401-SG
    ESXi           3.5       ESXi     not affected

    ESX            4.1       ESX      ESX410-201104401-SG
    ESX            4.0       ESX      ESX400-201104401-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Fusion.

  b. Likewise package update
 
    Updates to the vmware-esx-likewise-openldap and
    vmware-esx-likewise-krb5 packages address several security issues.

    One of the vulnerabilities is specific to Likewise while the other
    vulnerabilities are present in the MIT version of krb5.
    An incorrect assert() call in Likewise may lead to a termination
    of the Likewise-open lsassd service if a username with an illegal
    byte sequence is entered for user authentication when logging in to
    the Active Directory domain of the ESXi/ESX host. This would lead to
    a denial of service.
    The MIT-krb5 vulnerabilities are detailed in MITKRB5-SA-2010-007.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2011-1786 (Likewise-only issue),
    CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021 to these
    issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           4.1       ESXi     ESXi410-201104401-SG
    ESXi           4.0       ESXi     not affected
    ESXi           3.5       ESXi     not affected

    ESX            4.1       ESX      ESX410-201104401-SG
    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected

  c. ESX third party update for Service Console kernel
   
    The Service Console kernel is updated to include a fix for a
    security issue.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2010-2240 to this issue.

    VMware         Product   Running  Replace with/

    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201104401-SG
    ESX            4.0       ESX      see VMSA-2011-0003 section j
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   ESXi 4.1
   --------
   ESXi410-201104001
   Download link:
 
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-276-20110420-682
352/ESXi410-201104001.zip
   md5sum: 23bd026d6cbca718fe50ed1dd73cfe9d
   sha1sum: 82fa6da02a1f37430a15a659254426b3d3a62662
   http://kb.vmware.com/kb/1035111
   
   ESXi410-201104001 contains ESXi410-201104401-SG.


   ESX 4.1
   -------
   ESX410-201104001
   Download link:
 
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062
017/ESX410-201104001.zip
   md5sum: 757c3370ae63c75ef5b2178bd35a4ac3
   sha1sum: 95cfdc08e0988b4a0c0c3ea1a1acc1c661979888
   http://kb.vmware.com/kb/1035110
   
   ESX410-201104001 contains ESX410-201104401-SG.


   ESXi 4.0
   --------
   ESXi400-201104001
   Download link:
 
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-278-20110424-080
274/ESXi400-201104001.zip
   md5sum: 08216b7ba18988f608326e245ac27e98
   sha1sum: 508a04532f0af007ce7c9d7693371470ed8257f0
   http://kb.vmware.com/kb/1037261
 
   ESXi400-201104001 contains ESXi400-201104401-SG.
   

   ESX 4.0
   -------
   ESX400-201104001
   Download link:
 
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-277-20110424-816
604/ESX400-201104001.zip
   md5sum: 1a305fbf6c751403e56ef4e33cabde06
   sha1sum: bc7577cb80e69fbe81e3e9272a182deb42987b3d
   http://kb.vmware.com/kb/1037260

   ESX400-201104001 contains ESX400-201104401-SG.


5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1785
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1786
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240

   VMSA-2011-0003
   http://www.vmware.com/security/advisories/VMSA-2011-0003.html

   MITKRB5-SA-2010-007
   http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-007.txt

- ------------------------------------------------------------------------
6. Change log

2011-04-28  VMSA-2011-0007
Initial security advisory in conjunction with the release of
ESX/ESXi 4.0 and ESX/ESXi 4.1 patches on 2011-04-28.

- ------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNuZubDEcm8Vbi9kMRAnwpAKDmLblfA++OHuWKEOiOzXmayf3JEgCgwfbN
kr36WEecIMy3XzvjG84ikVM=
=9R0l
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/