SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   VMware ESX Server Vendors:   VMware, Inc.
VMware ESXi Update Installer SFCB Authentication Lets Remote Users Gain Access
SecurityTracker Alert ID:  1024917
SecurityTracker URL:  http://securitytracker.com/id/1024917
CVE Reference:   CVE-2010-4573   (Links to External Site)
Date:  Dec 22 2010
Impact:   User access via network
Vendor Confirmed:  Yes  
Version(s): ESXi 4.1 Update Installer
Description:   A vulnerability was reported in the VMware ESXi Update Installer. A remote user can gain access to the target system.

When the ESXi 4.1 installer upgrades an ESXi 3.5 or ESXi 4.0 host to ESXi 4.1, the SFCB authentication may allow a remote user to login with arbitrary usernames and passwords.

Systems where the SFCB configuration file '/etc/sfcb/sfcb.cfg' was modified prior to the upgrade and where the sfcbd daemon is running are affected.

Impact:   A remote user can login to the target system.
Solution:   The vendor has described a workaround in VMware Knowledge Base Article KB 1031761, available at:

http://kb.vmware.com/kb/1031761

The vendor's advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2010-0020.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2010-0020.html (Links to External Site)
Cause:   Authentication error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 21 Dec 2010 13:52:15 -0800
Subject:  [Security-announce] VMSA-2010-0020 VMware ESXi 4.1 Update Installer SFCB Authentication Flaw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2010-0020
Synopsis:          VMware ESXi 4.1 Update Installer SFCB Authentication
                   Flaw
Issue date:        2010-12-21
Updated on:        2010-12-21
CVE numbers:       CVE-2010-4573
- ------------------------------------------------------------------------

1. Summary

   VMware ESXi 4.1 Update Installer might introduce a SFCB
   Authentication Flaw.

2. Relevant releases

   VMware ESXi 4.1 if upgraded from ESXi 3.5 or ESXi 4.0 with a modified
   SFCB configuration file.

3. Problem Description

 a. ESXi 4.1 Update Installer SFCB Authentication Flaw

    Under certain conditions, the ESXi 4.1 installer that upgrades an
    ESXi 3.5 or ESXi 4.0 host to ESXi 4.1 incorrectly handles the SFCB
    authentication mode. The result is that SFCB authentication could
    allow login with any username and password combination.

    An ESXi 4.1 host is affected if all of the following apply:
    - ESXi 4.1 was upgraded from ESXi 3.5 or ESXi 4.0.
    - The SFCB configuration file /etc/sfcb/sfcb.cfg was modified prior
      to the upgrade.
    - The sfcbd daemon is running (sfcbd runs by default).

    Workaround
    A workaround that can be applied to ESXi 4.1 is described in VMware
    Knowledge Base Article KB 1031761

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-4573 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           4.1       ESXi     see KB 1031761 for workaround **
    ESXi           4.0       ESXi     not affected
    ESXi           3.5       ESXi     not affected

    ESX            any       ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.
  ** ESXi 4.1 is only affected if upgraded from ESXi 3.5 or ESXi 4.0
     with a modified SFCB configuration file.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   ESXi 4.1
   --------
   Workaround described in VMware Knowledge Base Article KB 1031761
   http://kb.vmware.com/kb/1031761


5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4573

- ------------------------------------------------------------------------

6. Change log

2010-12-21  VMSA-2010-0020
Initial security advisory after release of VMware knowledge base article
that documents workaround on 2010-12-21.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAk0RIY0ACgkQS2KysvBH1xkl8gCfSAUJ2VEzLUhdC4RV3bxVvnJc
2IgAmQH1/c4TExQiJu/PWF8Yp6W8FCma
=GOJm
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC