Bugtraq mailing list archives
VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
From: VMware Security Team <security () vmware com>
Date: Mon, 07 Mar 2011 22:07:25 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0004
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability
and ESX third party updates for Service Console
packages bind, pam, and rpm.
Issue date: 2011-03-07
Updated on: 2011-03-07 (initial release of advisory)
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762
CVE-2010-3316 CVE-2010-3435 CVE-2010-3853
CVE-2010-2059 CVE-2010-3609
- ------------------------------------------------------------------------
1. Summary
Service Location Protocol daemon (SLPD) denial of service issue and
ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
2. Relevant releases
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patch ESX410-201101201-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG,
ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG.
3. Problem Description
a. Service Location Protocol daemon DoS
This patch fixes a denial-of-service vulnerability in
the Service Location Protocol daemon (SLPD). Exploitation of this
vulnerability could cause SLPD to consume significant CPU
resources.
VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi ESXi400-201103401-SG
ESXi 3.5 ESXi not applicable
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX ESX400-201103401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
b. Service Console update for bind
This patch updates the bind-libs and bind-utils RPMs to version
9.3.6-4.P1.el5_5.3, which resolves multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3613, CVE-2010-3614, and
CVE-2010-3762 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201103407-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. c. Service Console update for pam This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3316, CVE-2010-3435, and CVE-2010-3853 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affectedESXi any ESXi not applicable
ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201103404-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, Fusion. d. Service Console update for rpm, rpm-libs, rpm-python, and popt This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2059 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201103406-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable* hosted products are VMware Workstation, Player, Fusion.
4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 4.1 Installable Update 1 ----------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_ 0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.ht ml http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0fSHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488
VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. ESX 4.1 Update 1 ---------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_ 0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.htm l http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504esha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922
VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. ESXi 4.0 -------- ESXi400-201103001 https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677 367/ESXi400-201103001.zip md5sum: a68ef31414573460cdadef4d81fb95d0 sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31 http://kb.vmware.com/kb/1032823 ESXi400-201103001 containes the following security bulletins: ESXi400-201103401-SG (openssl) | http://kb.vmware.com/kb/1032820 ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821ESX 4.0
------- ESX400-201103001 https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574 144/ESX400-201103001.zip md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8 sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b http://kb.vmware.com/kb/1032822 ESX400-201103001 containes the following security bulletins:ESX400-201103401-SG (SLPD, openssl, COS kernel) | http://kb.vmware.com/kb/1032814
ESX400-201103403-SG (JRE, Tomcat) | http://kb.vmware.com/kb/1032815 ESX400-201103404-SG (pam) | http://kb.vmware.com/kb/1032816 ESX400-201103405-SG (bzip2) | http://kb.vmware.com/kb/1032817 ESX400-201103406-SG (popt/rpm) | http://kb.vmware.com/kb/1032818 ESX400-201103407-SG (bind) | http://kb.vmware.com/kb/1032819 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609 - ------------------------------------------------------------------------ 6. Change log 2011-03-07 VMSA-2011-0004 Initial security advisory in conjunction with the release of VMware ESX/ESXi 4.0 patches on 2011-03-07 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFNdceBS2KysvBH1xkRAs3MAJ0ezxEepDLaIgTNPd0v4QBrdw6ssQCfRgPw XlxhmCY1Md8s4gnoyjDGvnE= =kJHZ -----END PGP SIGNATURE-----
Current thread:
- VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. VMware Security Team (Mar 08)