{ "file_item": { "filepath": "security-advisories", "filename": "Updated-CERT-EU-SA2017.pdf" }, "title": "UPDATE Critical Vulnerabilities in VMWare ESXi, Workstation, and Fusion", "serial_number": "2017-007", "publish_date": "29-03-2017 13:16:00", "description": "VMWare released an advisory for VMWare ESXi, Workstation, and Fusion products [1]. The advisory addresses critical and moderate security issues that may allow a guest system to execute code on the host system (CVE-2017-4902, CVE-2017-4903, and CVE-2017-4904).", "url_title": "2017-007", "content_markdown": "---\ntitle: 'Critical Vulnerabilities in VMWare ESXi, Workstation, and Fusion'\nversion: '1.1'\nnumber: '2017-007'\ndate: 'March 31, 2017'\n---\n\n_History:_\n\n* _29/03/2017 --- v1.0: Initial publication_\n* _31/03/2017 --- v1.1: Correction regarding VMWare ESXi 5.5_\n\n# Summary\n\nOn March 28, 2017, VMWare released an advisory for VMWare ESXi, Workstation, and Fusion products [1]. The advisory addresses critical and moderate security issues.\n\nCritical vulnerabilities may allow a guest system to execute code on the host system (CVE-2017-4902, CVE-2017-4903, and CVE-2017-4904).\n\nThe other vulnerability (CVE-2017-4905) may lead to information leak from the guest system.\n\nThese vulnerabilities were discovered by two teams (Team Sniper and Qihoo 360) during Pwn2Own event at CanSecWest [2].\n\n# Technical Details\n\nThe discovered vulnerabilities targeting VMWare products are:\n\n* CVE-2017-4902 (critical): Heap overflow leading to arbitrary code execution\n* CVE-2017-4903 (critical): Uninitialized stack value leading to arbitrary code execution\n* CVE-2017-4904 (critical): Uninitialized stack value leading to arbitrary code execution\n* CVE-2017-4905 (moderate): Uninitialized memory read leading to information disclosure\n\n# Vulnerable Systems\n\n* VMWare ESXi 5.5 - CVE-2017-4904 (moderate) and CVE-2017-4905 (moderate)\n* VMWare ESXi 6.0 - all vulnerabilities except CVE-2017-4902\n* VMWare ESXi 6.5 - all vulnerabilities\n* VMware Workstation 12.X - all vulnerabilities\n* VMware Fusion 8.x (OS X) - all vulnerabilities\n\n_Note:_ VMware ESXi 6.0 is not affected by CVE-2017-4902. Furthermore, CVE-2017-4904 only leads to denial of service on VMWare ESXi 5.5 (moderate).\n\n# Recommendations\n\nApply upgrades provided by VMWare for all affected products as soon as possible [1].\n\nNo other workarounds are available.\n\n# References\n\n[1] \n\n[2] \n", "content_html": "

History:

Summary

On March 28, 2017, VMWare released an advisory for VMWare ESXi, Workstation, and Fusion products [1]. The advisory addresses critical and moderate security issues.

Critical vulnerabilities may allow a guest system to execute code on the host system (CVE-2017-4902, CVE-2017-4903, and CVE-2017-4904).

The other vulnerability (CVE-2017-4905) may lead to information leak from the guest system.

These vulnerabilities were discovered by two teams (Team Sniper and Qihoo 360) during Pwn2Own event at CanSecWest [2].

Technical Details

The discovered vulnerabilities targeting VMWare products are:

Vulnerable Systems

Note: VMware ESXi 6.0 is not affected by CVE-2017-4902. Furthermore, CVE-2017-4904 only leads to denial of service on VMWare ESXi 5.5 (moderate).

Recommendations

Apply upgrades provided by VMWare for all affected products as soon as possible [1].

No other workarounds are available.

References

[1] https://www.vmware.com/security/advisories/VMSA-2017-0006.html

[2] https://blogs.vmware.com/security/2017/03/security-landscape-pwn2own-2017.html

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }