VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1026818 |
|
SecurityTracker URL: http://securitytracker.com/id/1026818
|
|
CVE Reference:
CVE-2012-1508, CVE-2012-1510
(Links to External Site)
|
Date: Mar 16 2012
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0
|
Description:
A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system.
A local user on a guest operating system can trigger a buffer overflow or null pointer dereference in the display drivers to execute arbitrary code on the target system with elevated privileges.
A null pointer dereference in XPDM may occur [CVE-2012-1508].
A buffer overflow in WDDM may occur [CVE-2012-1510].
Tarjei Mandt reported these vulnerabilities.
|
Impact:
A local user on the guest operating system can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2012-0005.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2012-0005.html (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 16 Mar 2012 07:15:59 +0000
Subject: VMware ESX Server
|
http://www.vmware.com/security/advisories/VMSA-2012-0005.html
a. VMware Tools Display Driver Privilege Escalation
The VMware XPDM and WDDM display drivers contain buffer overflow
vulnerabilities and the XPDM display driver does not properly
check for NULL pointers. Exploitation of these issues may lead
to local privilege escalation on Windows-based Guest Operating
Systems.
VMware would like to thank Tarjei Mandt for reporting theses
issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-1509 (XPDM buffer overrun),
CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null
pointer dereference) to these issues.
Note: CVE-2012-1509 doesn't affect ESXi and ESX.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product * Version on Apply Patch **
============= ======== ======= =================
vCenter any Windows not affected
Workstation 8.x any not affected
Player 4.x any not affected
Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi ESXi500-201112402-BG
ESXi 4.1 ESXi ESXi410-201110202-UG
ESXi 4.0 ESXi ESXi400-201110402-BG
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX not affected
* Remediation for VMware View is described in VMSA-2012-0004.
** Notes on updating VMware Guest Tools:
After the update or patch is applied, VMware Guest Tools must
be updated in any pre-existing Windows-based Guest Operating
System. The XPDM and WDDM drivers are part of Tools.
Windows-Based Virtual Machines that have moved to Workstation
8 or Player 4 from a lower version of Workstation or Player
are affected unless:
- They were moved from Workstation 7.1.5 or Player 3.1.5,
AND
- The Tools version was updated before the move.
Windows-Based Virtual Machines that have moved to Fusion 4
from a lower version of Fusion are affected.
|
|
