Reference: CERT-EU Security Advisory 2012-0047

Title: Multiple vulnerabilities in VMware ESX [1]

Version history:
30.03.2012 Initial publication

Summary
=======

Updates for VMware ESXi and ESX address several security issues:
- VMware ROM Overwrite Privilege Escalation
- ESX third party update for Service Console kernel
- ESX third party update for Service Console krb5 RPM

These vulnerabilities may lead to unauthorised access to the targeted
Virtual Machines or cause a denial of service.

CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862

Vulnerable systems
==================

ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG
ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG

Original Details
================

* CVE-2012-1515 VMware ROM Overwrite Privilege Escalation

A flaw in the way port-based I/O is handled allows for modifying Read-Only
Memory that belongs to the Virtual DOS Machine. Exploitation of this issue
may lead to privilege escalation on Guest Operating Systems that run
Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows
Server 2003 R2 32-bit.

* CVE-2011-2482, CVE-2011-3191 and CVE-2011-4348 ESX third party update for
  Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to
kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the
COS kernel.

* CVE-2011-4862 ESX third party update for Service Console krb5 RPM

This patch updates the krb5-libs and krb5-workstation RPMs to version
1.6.1-63.el5_7 to resolve a security issue.

By default, the affected krb5-telnet and ekrb5-telnet services do not run.
The krb5 telnet daemon is an xinetd service.
You can run the following commands to check if krb5 telnetd is enabled:

    /sbin/chkconfig --list krb5-telnet
    /sbin/chkconfig --list ekrb5-telnet

Work-around: You can run the following commands to disable the krb5 telnet
daemon:

    /sbin/chkconfig krb5-telnet off
    /sbin/chkconfig ekrb5-telnet off

What can you do?
================

Fix is available [1].

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/security/advisories/VMSA-2012-0006.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
[7] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in
its setup phase, until May 2012. Services are provided in a pilot fashion,
and are not yet fully functional. Announcements, alerts and warnings are
sent out in a best-effort manner, and to contact information currently
known to us. We apologise if you are not the correct recipient, or if you
had already been warned about this issue from another source. Format,
content and way of alerting are subject to change in the future. Contact
information or even the team name may change as well.)
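The krb5 telnet check from the CVE-2011-4862 details, wrapped as a script so it can be run across several Service Consoles (an added example, not part of the CERT-EU advisory or of VMware's tooling). The function names, the chkconfig output format it parses and the sample text are assumptions, marked in the comments.

```shell
#!/bin/sh
# Added example: not from the CERT-EU advisory or from VMware.
# Assumption: "chkconfig --list NAME" prints "NAME <ws> on|off" for an xinetd
# service (the full listing prints "NAME: on|off"); other output is "unknown".

SERVICES="krb5-telnet ekrb5-telnet"

# service_state NAME TEXT -> prints on, off or unknown
service_state() {
    printf '%s\n' "$2" | awk -v svc="$1" '
        { name = $1; sub(/:$/, "", name) }
        name == svc && ($2 == "on" || $2 == "off") { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# audit_krb5_telnet: chkconfig output on stdin, one "service: state" line per
# service on stdout. Returns 0 = both off, 1 = at least one on,
# 2 = state could not be determined (and none seen on).
audit_krb5_telnet() {
    input=$(cat)
    rc=0
    for svc in $SERVICES; do
        state=$(service_state "$svc" "$input")
        echo "$svc: $state"
        if [ "$state" = on ]; then
            rc=1
        elif [ "$state" = unknown ] && [ "$rc" -eq 0 ]; then
            rc=2
        fi
    done
    return "$rc"
}

# Constructed sample output (not captured from a real host).
SAMPLE_MIXED='krb5-telnet     on
ekrb5-telnet    off'

# On a Service Console, run with --live to query chkconfig directly.
if [ "${1:-}" = "--live" ]; then
    { for s in $SERVICES; do /sbin/chkconfig --list "$s"; done; } 2>&1 |
        audit_krb5_telnet
    exit $?
fi
```

A return status of 1 means the work-around commands from the advisory still need to be applied on that host; a status of 2 means the output should be inspected by hand.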