vmware.bof.txt

1999-08-17T00:00:00
ID PACKETSTORM:11847
Type packetstorm
Reporter Asylum Security
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Fri, 25 Jun 1999 19:18:35 -0700  
From: Jason R. Rhoads <jason.rhoads@SABERNET.NET>  
To: BUGTRAQ@netspace.org  
Subject: VMware Security Alert  
  
"On June 22nd, 1999, VMware, Inc. was notified of a security problem with  
VMware for Linux 1.0.1. This security hole is also present in all previous  
versions of VMware for Linux. The security hole has been fixed in VMware for  
Linux 1.0.2 released today. The security hole allows a buffer overrun attack  
against VMware for Linux to result in unprivileged root access to a machine  
An updated version of VMware for Linux which fixes this problem is available  
now, see below. As far as we know, this breach has never been used for malicious  
purposes, or caused any harm to customer installations. VMware, Inc. apologizes  
for the inconvenience to our users."  
  
http://www.vmware.com/news/security.html  
  
-----------------------------------------------------------------------------  
  
<http://www.vmware.com/news/security.html>  
  
  
  
VMware Security Alert  
Date: June 25th, 1999  
  
  
  
On June 22nd, 1999, VMware, Inc. was notified of a security problem with VMware for Linux 1.0.1. This security hole is  
also present in all previous versions of VMware for Linux. The security hole has been fixed in VMware for Linux 1.0.2  
released today. The security hole allows a buffer overrun attack against VMware for Linux to result in unprivileged root  
access to a machine. An updated version of VMware for Linux which fixes this problem is available now, see below. As  
far as we know, this breach has never been used for malicious purposes, or caused any harm to customer installations.  
VMware, Inc. apologizes for the inconvenience to our users.  
  
  
Vulnerable Systems  
  
The security hole allows an attack to occur during VMware startup, but before a virtual machine is powered on. Guest  
operating systems themselves are unlikely to be affected by these buffer overflow attacks. Systems most vulnerable to  
this attack are multi-user Linux systems that have VMware installed. A malicious user with access to an account on the  
system could exploit the hole. Stand alone single-user machines are not at high risk from this security hole. This hole  
does not allow direct network based 'worm' style attacks against VMware.  
  
This security hole was discovered by Asylum Security, a division of CyberSpace 2000,   
<http://www.cyberspace2000.com/security/> a professional computer security  
response team. VMware has taken immediate action in response to this event. VMware for Linux 1.0.2 was made  
available for download on June 25th, 1999 on our web site and mirror sites. The shipment of CD-ROMs has been  
suspended and the inventory discarded. Customers who have purchased VMware for have been notified by electronic mail,  
VMware has also posted security alerts to newsgroups at news.vmware.com.  
  
  
Affected VMware Releases  
  
This security hole is present in VMware for Linux 1.0.1 and all previous versions, including the beta versions  
(build-106, build-135, build-152) and the experimental version (build-179). VMware recommends that users replace  
beta and experimental versions with VMware for Linux 1.0.2. An updated VMware for Linux experimental release with  
fixes for this security hole will be made available in the near future.  
  
  
How to Close this Security Hole  
  
The security hole can be closed by simply upgrading to VMware for Linux version 1.0.2:   
  
1.Download VMware for Linux 1.0.2 from one of our mirror sites  
<http://www.vmware.com/download/downloadlinux.html>  
  
2.Untar the distribution.  
tar zxvf vmware-1.0.2.tar.gz  
  
3.Change directory to vmware-install  
cd vmware-install  
  
4.As root, install VMware for Linux  
su  
./install.pl  
  
You will first be asked whether you want to upgrade VMware for Linux. Simply answer yes at this point and  
then follow any installer instructions.  
  
NOTE: It is not possible to resolve this security problem by removing suid (Set User ID) root privileges from  
the VMware executable. VMware must be suid root to run correctly.  
  
  
Reporting Security Issues  
  
VMware is committed to addressing security issues and providing customers with information on how they can protect  
themselves. If you identify what you believe may be a security issue with a VMware product, please send an email to  
security@vmware.com. We will work to appropriately address and communicate the issue.  
  
  
Notification of Security Alerts  
  
When VMware becomes aware of a security issue that significantly affects our products, we will take action to notify  
affected customers. Typically this notification will be in the form of a security bulletin explaining the issue, and where  
possible a response to the problem. These bulletins will both be emailed to affected customers and posted on our web site  
and newsgroups at news.vmware.com. <http://www.vmware.com/support/newsgroups.html>  
  
-----------------------------------------------------------------------------  
  
Date: Sat, 26 Jun 1999 17:33:22 -0400  
From: Don <don@CYBERSPACE2000.COM>  
To: BUGTRAQ@netspace.org  
Subject: VMWare Advisory - buffer overflows  
  
This advisory was made on 06/21/99 and was to be released on 06/28/99 (or  
after a fix was released). We would like to recognize the VMware staff and  
their responsiveness to the bug reports. Last night, customers who  
purchased their product received notices to upgrade to VMware v1.0.2.  
  
For more information on the VMware bugs, visit:  
  
http://www.vmware.com/news/security.html  
http://www.cyberspace2000.com/security/advisories  
  
-Don Sausa  
  
----------[asylum security]------------  
id: #99021, team director  
e-mail: don@cyberspace2000.com  
web: http://cyberspace2000.com/security  
---------------------------------------  
  
  
Team Asylum Security  
Copyright (c) 1999 By CyberSpace 2000  
http://www.cyberspace2000.com/security  
Source: Seth L. [seth@cyberspace2000.com]  
Advisory Date: 06/21/99  
Release Date: 06/28/99  
  
[ Final Revision: 06/25/99 ]  
  
Affected  
--------  
VMware v1.0.1 and earlier for Linux.  
  
Product Description  
-------------------  
VMware v1.0.1 is a software product by VMware, Inc. that creates a  
virtual machine in which you can install multiple operating systems  
without repartitioning or formatting your hard drive.  
  
Vulnerability Summary  
---------------------  
Team Asylum has found multiple buffer overflows existing in VMware v1.0.1  
for Linux. Earlier versions also have the same buffer overflows.  
VMware Inc. has been notified of these overflows and they have released  
VMware v1.0.2 as a fix. Any local user can exploit these overflows to gain  
root access.  
  
Fix  
---  
All users are encouraged to upgrade to VMware v1.0.2. You may download  
it directly off http://www.vmware.com.  
  
Special Thanks  
--------------  
Special thanks to VMware staff for responding quickly to our bug reports.  
Within 3 days, they have managed to fix the overflows, as well as stop the  
physical distribution of their v1.0.1 product. All customers who have  
purchased VMware have been notified as of 06/25/99 12:00 midnight (PST)  
about the new VMware v1.0.2 version.  
  
`