[Other] Schwachstelle in VMware ESX 2.5.5 vor Patch 12 – VMSA-2009-0003

[Other] Schwachstelle in VMware ESX 2.5.5 vor Patch 12 - VMSA-2009-0003

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung. Wir geben diese Informationen
unveraendert an Sie weiter.

CVE-2008-3916 – Schwachstelle im Editor GNU ed vor Version 1.0

Im Editor GNU ed kann mit einem sehr langen Dateinamen, der auf der
Kommandozeile angegeben wird, ein Heap Overflow in der Funktion
strip_escapes() ausgeloest werden. Ein Angreifer kann beliebige
Befehle mit den Rechten des Benutzers ausfuehren, wenn dieser eine
Datei mit entsprechend manipulierten Namen oeffnet. In der Regel
sollte der Dateiname den Benutzer allerdings stutzig machen.

Betroffen sind die folgenden Software Pakete und Plattformen:

VMWare ESX 2.5.5 ohne Update Patch 12

VMWare ESX

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://lists.vmware.com/pipermail/security-announce/2009/000051.html

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Michael Groening, DFN-CERT
– —

Michael Groening (Incident Response Team), +49 40 808077-555

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

16. DFN-Workshop Sicherheit in vernetzten Systemen
https://www.dfn-cert.de/ws2009/

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

– – ————————————————————————

VMware Security Advisory

Advisory ID: VMSA-2009-0003
Synopsis: ESX 2.5.5 patch 12 updates service console package ed
Issue date: 2009-01-26
Updated on: 2009-01-26 (initial release of advisory)
CVE numbers: CVE-2008-3916
– – ————————————————————————

1. Summary

ESX 2.5.5 patch 12 Build 142708 updates service console package ed

2. Relevant releases

VMware ESX 2.5.5 before patch 12

Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan
to upgrade to ESX 3.0.3 and preferably to the newest release available.

3. Problem Description

a. Updated ESX patch updates Service Console package ed

ed is a line-oriented text editor, used to create, display, and
modify text files (both interactively and via shell scripts).

A heap-based buffer overflow was discovered in the way ed, the GNU
line editor, processed long file names. An attacker could create a
file with a specially-crafted name that could possibly execute an
arbitrary code when opened in the ed editor.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-3916 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi 3.5 ESXi not affected

ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX Upgrade Patch 12

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX 2.5.5 Upgrade Patch 12 Build 142709
www.vmware.com/support/esx25/doc/esx-255-142709-patch.html
http://download3.vmware.com/software/esx/esx-2.5.5-142709-upgrade.tar.gz
md5sum: 2a0bd5cc3591b1f6b04616fa2c97f78c

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916

– – ————————————————————————
6. Change log

2009-02-20 VMSA-2009-0003
Initial security advisory after release of patch 12 for ESX 2.5.5
on 2009-02-20.

– – ———————————————————————–
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.

– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkmnM3oACgkQS2KysvBH1xkUqACeKFtI8K3o1Ppy9r3Fyry1R7WA
QkkAnjF7KK7M+2eHulDrNsb1PBDgxZF7
=IXDF
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFJq/9Ck0kIxZMiiQ8RAiSzAKCd5r4zpvQwxUqTOrV9U3RTs53VJwCglG/C
6n2xd1uOQSLeNcjKDtxBuQY=
=n2qy
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben