(VMware Issues Fix for ESX Server) Linux Kernel fcntl_setlk() Race Condition May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1020573
|
|
SecurityTracker URL: http://securitytracker.com/id?1020573
|
|
CVE Reference: CVE-2008-1669
(Links to External Site)
|
Date: Jul 29 2008
|
Impact: Root access via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 3.0.1, 3.0.2, 3.5
|
Description: A vulnerability was reported in the Linux Kernel. A local user can obtain elevated privileges on the target system. VMware ESX Server is affected.
A local user can exploit a race condition in 'locks.c' to gain re-ordered access to the descriptor table.
Alexander Viro reported this vulnerability.
|
Impact: A local user can obtain elevated privileges on the target system.
|
Solution: VMware has issued a fix for VMware ESX Server 3.5 (patch ESX350-200806201-UG), which is affected by this vulnerability.
ESX 3.0.1
and 3.0.2 are affected but no update is planned.
ESX 2.5.4 and 2.5.5 are not affected.
The VMware advisory will be available
at:
http://www.vmware.com/security/advisories/
|
Cause: State error
|
Reported By: security-announce@lists.vmware.com
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 28 Jul 2008 18:11:35 -0700
From: security-announce@lists.vmware.com
Subject: [Security-announce] VMSA-2008-00011 Updated ESX service console
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-00011
Synopsis: Updated ESX service console packages for Samba
and vmnix
Issue date: 2008-07-28
Updated on: 2008-07-28 (initial release of advisory)
CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206
CVE-2008-0007 CVE-2008-1367 CVE-2008-1375
CVE-2008-1669 CVE-2006-4814 CVE-2008-1105
- -------------------------------------------------------------------
1. Summary:
Updated ESX packages address several security issues.
2. Relevant releases:
VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
ESX350-200806218-UG (samba)
3. Problem description:
I Service Console rpm updates
a. Security Update to Service Console Kernel
This fix upgrades service console kernel version to 2.4.21-57.EL.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable
hosted any any not applicable
ESXi 3.5 ESXi not applicable
ESX 3.5 ESX patch ESX350-200806201-UG
ESX 3.0.2 ESX affected, no update planned
ESX 3.0.1 ESX affected, no update planned
ESX 2.5.5 ESX not applicable
ESX 2.5.4 ESX not applicable
b. Samba Security Update
This fix upgrades the service console rpm samba to version
3.0.9-1.3E.15vmw
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-1105 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable
hosted any any not applicable
ESXi 3.5 ESXi not applicable
ESX 3.5 ESX patch ESX350-200806218-UG
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
ESX 2.5.4 ESX affected, patch pending
4. Solution:
Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.
ESX 3.5 (Samba)
http://download3.vmware.com/software/esx/ESX350-200806218-UG
md5sum: dfad21860ba24a6322b36041c0bc2a07
http://kb.vmware.com/kb/1005931
ESX 3.5 (vmnix)
http://download3.vmware.com/software/esx/ESX350-200806201-UG
md5sum: 2888192905a6763a069914fcd258d329
http://kb.vmware.com/kb/1005894
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
- -------------------------------------------------------------------
6. Change log:
2008-07-28 VMSA-2008-0011 Initial release
- ---------------------------------------------------------------------
7. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIjm47S2KysvBH1xkRCBHHAJsFM/IF/oaAFats+cKnYkGy/zhsLACeNb2u
YZDiKbwIR5cgq7po71RoI9k=
=y2cT
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
|
|
