Bugtraq mailing list archives
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
From: VMware Security Team <security () vmware com>
Date: Thu, 28 Apr 2011 09:54:52 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0007
Synopsis: VMware ESXi and ESX Denial of Service and third party
updates for Likewise components and ESX Service
Console
Issue date: 2011-04-28
Updated on: 2011-04-28
CVE numbers: CVE-2011-1785 CVE-2011-1786 CVE-2010-1324
CVE-2010-1323 CVE-2010-4020 CVE-2010-4021
CVE-2010-2240
- ------------------------------------------------------------------------
1. Summary
VMware ESXi and ESX could encounter a socket exhaustion situation
which may lead to a denial of service. Updates to Likewise components
and to the ESX Service Console address security vulnerabilities.
2. Relevant releases
VMware ESXi 4.1 without patch ESXi410-201104401-SG.
VMware ESXi 4.0 without patch ESXi400-201104401-SG.
VMware ESX 4.1 without patch ESX410-201104401-SG.
VMware ESX 4.0 without patch ESX400-201104401-SG.
3. Problem Description
a. ESX/ESXi Socket Exhaustion
By sending malicious network traffic to an ESXi or ESX host an
attacker could exhaust the available sockets which would prevent
further connections to the host. In the event a host becomes
inaccessible its virtual machines will continue to run and have
network connectivity but a reboot of the ESXi or ESX host may be
required in order to be able to connect to the host again.
ESXi and ESX hosts may intermittently lose connectivity caused by
applications that do not correctly close sockets. If this occurs an
error message similar to the following may be written to the vpxa
log:
socket() returns -1 (Cannot allocate memory)
An error message similar to the following may be written to the
vmkernel logs:
socreate(type=2, proto=17) failed with error 55
VMware would like to thank Jimmy Scott at inet-solutions.be for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2011-1785 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201104401-SG
ESXi 4.0 ESXi ESXi400-201104401-SG
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201104401-SG
ESX 4.0 ESX ESX400-201104401-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. Likewise package update
Updates to the vmware-esx-likewise-openldap and
vmware-esx-likewise-krb5 packages address several security issues.
One of the vulnerabilities is specific to Likewise while the other
vulnerabilities are present in the MIT version of krb5.
An incorrect assert() call in Likewise may lead to a termination
of the Likewise-open lsassd service if a username with an illegal
byte sequence is entered for user authentication when logging in to
the Active Directory domain of the ESXi/ESX host. This would lead to
a denial of service.
The MIT-krb5 vulnerabilities are detailed in MITKRB5-SA-2010-007.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-1786 (Likewise-only issue),
CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201104401-SG
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201104401-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
c. ESX third party update for Service Console kernel
The Service Console kernel is updated to include a fix for a
security issue.The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2010-2240 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201104401-SG ESX 4.0 ESX see VMSA-2011-0003 section j ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 4.1 -------- ESXi410-201104001 Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-276-20110420-682 352/ESXi410-201104001.zip md5sum: 23bd026d6cbca718fe50ed1dd73cfe9d sha1sum: 82fa6da02a1f37430a15a659254426b3d3a62662 http://kb.vmware.com/kb/1035111ESXi410-201104001 contains ESXi410-201104401-SG.
ESX 4.1 ------- ESX410-201104001 Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062 017/ESX410-201104001.zip md5sum: 757c3370ae63c75ef5b2178bd35a4ac3 sha1sum: 95cfdc08e0988b4a0c0c3ea1a1acc1c661979888 http://kb.vmware.com/kb/1035110ESX410-201104001 contains ESX410-201104401-SG.
ESXi 4.0 -------- ESXi400-201104001 Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-278-20110424-080 274/ESXi400-201104001.zip md5sum: 08216b7ba18988f608326e245ac27e98 sha1sum: 508a04532f0af007ce7c9d7693371470ed8257f0 http://kb.vmware.com/kb/1037261 ESXi400-201104001 contains ESXi400-201104401-SG.
ESX 4.0 ------- ESX400-201104001 Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-277-20110424-816 604/ESX400-201104001.zip md5sum: 1a305fbf6c751403e56ef4e33cabde06 sha1sum: bc7577cb80e69fbe81e3e9272a182deb42987b3d http://kb.vmware.com/kb/1037260 ESX400-201104001 contains ESX400-201104401-SG. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240 VMSA-2011-0003 http://www.vmware.com/security/advisories/VMSA-2011-0003.html MITKRB5-SA-2010-007 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-007.txt - ------------------------------------------------------------------------ 6. Change log 2011-04-28 VMSA-2011-0007 Initial security advisory in conjunction with the release of ESX/ESXi 4.0 and ESX/ESXi 4.1 patches on 2011-04-28. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFNuZubDEcm8Vbi9kMRAnwpAKDmLblfA++OHuWKEOiOzXmayf3JEgCgwfbN kr36WEecIMy3XzvjG84ikVM= =9R0l -----END PGP SIGNATURE-----
Current thread:
- VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console VMware Security Team (Apr 28)