VMware Local Security Checks : VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0018)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103456

Categoría: VMware Local Security Checks

Título: VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0018)

Resumen: The remote ESXi is missing one or more security related Updates from VMSA-2010-0018.

Descripción: Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2010-0018.

Vulnerability Insight:
VMware hosted products and ESX patches resolve multiple security issues:

a. VMware Workstation, Player and Fusion vmware-mount race condition

The way temporary files are handled by the mounting process could result in a race condition. This
issue could allow a local user on the host to elevate their privileges.

VMware Workstation and Player running on Microsoft Windows are not affected.

b. VMware Workstation, Player and Fusion vmware-mount privilege escalation vmware-mount which is a suid
binary has a flaw in the way libraries are loaded. This issue could allow local users on the host to
execute arbitrary shared object files with root privileges.

VMware Workstation and Player running on Microsoft Windows are not affected.

c. OS Command Injection in VMware Tools update

A vulnerability in the input validation of VMware Tools update allows for injection of commands.

d. VMware VMnc Codec frame decompression remote code execution

The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware
Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part
of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.

A function in the decoder frame decompression routine implicitly trusts a size value.

Vulnerability Impact:
c. OS Command Injection in VMware Tools update

The issue could allow a user on the host to execute commands on the guest operating system with root privileges.

The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not
affected.

d. VMware VMnc Codec frame decompression remote code execution

An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer,
and could allow for execution of arbitrary code with the privileges of the user running an application utilizing
the vulnerable codec.

For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video
file on a system that has the vulnerable version of the VMnc codec installed.

Affected Software/OS:
ESXi 4.1 without patch ESXi410-201010402-BG or later

ESXi 4.0 without patch ESXi400-201009402-BG or later

ESXi 3.5 without patch ESXe350-201008402-T-BG or later

ESX 4.1 without patch ESX410-201010405-BG

ESX 4.0 without patch ESX400-201009401-SG

ESX 3.5 without patch ESX350-201008409-BG

Solution:
Apply the missing patch(es).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4295
BugTraq ID: 45167
http://www.securityfocus.com/bid/45167
Bugtraq: 20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/514995/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2010/000112.html
http://osvdb.org/69585
http://www.securitytracker.com/id?1024819
http://www.securitytracker.com/id?1024820
http://secunia.com/advisories/42453
http://secunia.com/advisories/42482
http://www.vupen.com/english/advisories/2010/3116
Common Vulnerability Exposure (CVE) ID: CVE-2010-4296
BugTraq ID: 45168
http://www.securityfocus.com/bid/45168
http://osvdb.org/69584
Common Vulnerability Exposure (CVE) ID: CVE-2010-4297
BugTraq ID: 45166
http://www.securityfocus.com/bid/45166
http://osvdb.org/69590
http://secunia.com/advisories/42480
Common Vulnerability Exposure (CVE) ID: CVE-2010-4294
BugTraq ID: 45169
http://www.securityfocus.com/bid/45169
http://osvdb.org/69596

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103456
Categoría:	VMware Local Security Checks
Título:	VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0018)
Resumen:	The remote ESXi is missing one or more security related Updates from VMSA-2010-0018.
Descripción:	Summary: The remote ESXi is missing one or more security related Updates from VMSA-2010-0018. Vulnerability Insight: VMware hosted products and ESX patches resolve multiple security issues: a. VMware Workstation, Player and Fusion vmware-mount race condition The way temporary files are handled by the mounting process could result in a race condition. This issue could allow a local user on the host to elevate their privileges. VMware Workstation and Player running on Microsoft Windows are not affected. b. VMware Workstation, Player and Fusion vmware-mount privilege escalation vmware-mount which is a suid binary has a flaw in the way libraries are loaded. This issue could allow local users on the host to execute arbitrary shared object files with root privileges. VMware Workstation and Player running on Microsoft Windows are not affected. c. OS Command Injection in VMware Tools update A vulnerability in the input validation of VMware Tools update allows for injection of commands. d. VMware VMnc Codec frame decompression remote code execution The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package. A function in the decoder frame decompression routine implicitly trusts a size value. Vulnerability Impact: c. OS Command Injection in VMware Tools update The issue could allow a user on the host to execute commands on the guest operating system with root privileges. The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected. d. VMware VMnc Codec frame decompression remote code execution An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed. Affected Software/OS: ESXi 4.1 without patch ESXi410-201010402-BG or later ESXi 4.0 without patch ESXi400-201009402-BG or later ESXi 3.5 without patch ESXe350-201008402-T-BG or later ESX 4.1 without patch ESX410-201010405-BG ESX 4.0 without patch ESX400-201009401-SG ESX 3.5 without patch ESX350-201008409-BG Solution: Apply the missing patch(es). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4295 BugTraq ID: 45167 http://www.securityfocus.com/bid/45167 Bugtraq: 20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (Google Search) http://www.securityfocus.com/archive/1/514995/100/0/threaded http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69585 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://secunia.com/advisories/42453 http://secunia.com/advisories/42482 http://www.vupen.com/english/advisories/2010/3116 Common Vulnerability Exposure (CVE) ID: CVE-2010-4296 BugTraq ID: 45168 http://www.securityfocus.com/bid/45168 http://osvdb.org/69584 Common Vulnerability Exposure (CVE) ID: CVE-2010-4297 BugTraq ID: 45166 http://www.securityfocus.com/bid/45166 http://osvdb.org/69590 http://secunia.com/advisories/42480 Common Vulnerability Exposure (CVE) ID: CVE-2010-4294 BugTraq ID: 45169 http://www.securityfocus.com/bid/45169 http://osvdb.org/69596
Copyright	Copyright (C) 2012 Greenbone Networks GmbH