Home / vulnerabilitiesPDF  

VMSA-2008-00011.txt

Posted on 29 July 2008
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2008-00011
Synopsis: Updated ESX service console packages for Samba
and vmnix
Issue date: 2008-07-28
Updated on: 2008-07-28 (initial release of advisory)
CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206
CVE-2008-0007 CVE-2008-1367 CVE-2008-1375
CVE-2008-1669 CVE-2006-4814 CVE-2008-1105
- -------------------------------------------------------------------

1. Summary:

Updated ESX packages address several security issues.

2. Relevant releases:

VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
ESX350-200806218-UG (samba)

3. Problem description:

I Service Console rpm updates

a. Security Update to Service Console Kernel

This fix upgrades service console kernel version to 2.4.21-57.EL.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable

hosted any any not applicable

ESXi 3.5 ESXi not applicable

ESX 3.5 ESX patch ESX350-200806201-UG
ESX 3.0.2 ESX affected, no update planned
ESX 3.0.1 ESX affected, no update planned
ESX 2.5.5 ESX not applicable
ESX 2.5.4 ESX not applicable

b. Samba Security Update

This fix upgrades the service console rpm samba to version
3.0.9-1.3E.15vmw

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-1105 to this issue.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable

hosted any any not applicable

ESXi 3.5 ESXi not applicable

ESX 3.5 ESX patch ESX350-200806218-UG
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
ESX 2.5.4 ESX affected, patch pending

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

ESX 3.5 (Samba)
http://download3.vmware.com/software/esx/ESX350-200806218-UG
md5sum: dfad21860ba24a6322b36041c0bc2a07
http://kb.vmware.com/kb/1005931

ESX 3.5 (vmnix)
http://download3.vmware.com/software/esx/ESX350-200806201-UG
md5sum: 2888192905a6763a069914fcd258d329
http://kb.vmware.com/kb/1005894

5. References:

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

- -------------------------------------------------------------------
6. Change log:

2008-07-28 VMSA-2008-0011 Initial release

- ---------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFIjnDeS2KysvBH1xkRCHW/AJdSYUVcCbNcmzKhta11Rr93caV1AJ47JuH6
Q6w8+D+ugeFo6fzlDc+pzQ==
=gr21
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP

Malware :

Exploits :