VMSA-2012-0018 VMware security updates for vCSA and ESXi

2013-01-02T00:00:00
ID SECURITYVULNS:DOC:28907
Type securityvulns
Reporter Securityvulns
Modified 2013-01-02T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                   VMware Security Advisory

Advisory ID: VMSA-2012-0018 Synopsis: VMware security updates for vCSA and ESXi Issue date: 2012-12-20 Updated on: 2012-12-20 (initial advisory) CVE numbers: ------------- vCSA --------------- CVE-2012-6324, CVE-2012-6325 ------------- glibc -------------- CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480


  1. Summary

VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities

  1. Relevant releases

    vCenter Server Appliance 5.1 without Patch 1 vCenter Server Appliance 5.0 without Update 2

    VMware ESXi 5.1 without patch ESXi510-201212101 VMware ESXi 5.0 without patch ESXi500-201212101

  2. Problem Description

a. vCenter Server Appliance directory traversal

  The vCenter Server Appliance (vCSA) contains a directory
  traversal vulnerability that allows an authenticated 
  remote user to retrieve arbitrary files. Exploitation of
  this issue may expose sensitive information stored on the 
  server.

  VMware would like to thank Alexander Minozhenko from ERPScan for
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2012-6324 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

    VMware          Product   Running  Replace with/
    Product         Version   on       Apply Patch
    ==============  ========  =======  =================
    vCSA            5.1       Linux    vCSA 5.1 Patch 1
    vCSA            5.0       Linux    vCSA 5.0 Update 2

b. vCenter Server Appliance arbitrary file download

  The vCenter Server Appliance (vCSA) contains an XML parsing 
  vulnerability that allows an authenticated remote user to
  retrieve arbitrary files.  Exploitation of this issue may
  expose sensitive information stored on the server.

  VMware would like to thank Alexander Minozhenko from ERPScan for
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2012-6325 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

    VMware          Product   Running  Replace with/
    Product         Version   on       Apply Patch
    ==============  ========  =======  =================
    vCSA            5.1       Linux    not affected
    vCSA            5.0       Linux    vCSA 5.0 Update 2

c. Update to ESX glibc package

  The ESX glibc package is updated to version glibc-2.5-81.el5_8.1
  to resolve multiple security issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2009-5029, CVE-2009-5064,
  CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864
  CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480
  to these issues.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

    VMware          Product   Running  Replace with/
    Product         Version   on       Apply Patch
    ==============  ========  =======  =================
    ESXi            5.1       ESXi     ESXi510-201212101
    ESXi            5.0       ESXi     ESXi500-201212101
    ESXi            4.1       ESXi     no patch planned
    ESXi            4.0       ESXi     no patch planned
    ESXi            3.5       ESXi     not applicable

    ESX             any       ESX      not applicable
  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESXi and ESX


The download for ESXi includes vCenter Server Appliance.

https://downloads.vmware.com/go/selfsupport-download

ESXi 5.1 http://kb.vmware.com/kb/2035775

ESXi 5.0 http://kb.vmware.com/kb/2033751

  1. References

    ------------- vCSA --------------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325 ------------- glibc -------------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480


  1. Change log

2012-12-20 VMSA-2012-0018 Initial security advisory in conjunction with the release of vSphere 5.1 Patch 1 and vSphere 5.0 Update 2 on 2012-12-20.


  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 2599) Charset: utf-8

wj8DBQFQ01bsDEcm8Vbi9kMRAkXEAJoClYysvoV67RKiZ0uN1YszPcN0LQCg8QMV OWjpV7Bnt27472i5EOhk9fI= =jrDP -----END PGP SIGNATURE-----