SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   VMware ESX Server Vendors:   VMware, Inc.
VMware ESX/Cisco Nexus 1000V Packet Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1025030
SecurityTracker URL:  http://securitytracker.com/id/1025030
CVE Reference:   CVE-2011-0355   (Links to External Site)
Date:  Feb 8 2011
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX/ESXi 4.0, 4.1
Description:   A vulnerability was reported in VMware ESX/Cisco Nexus 1000V. A remote user can cause denial of service conditions.

The Cisco Nexus 1000V Virtual Ethernet Module (VEM) virtual switch for ESX and ESXi does not properly process dropped packets. A remote user can send specially crafted data to cause the target ESX or ESXi kernel to crash.

VMware users that have deployed the Cisco Nexus 1000V virtual switch as a replacement for the VMware vNetwork Standard Switch or the VMware vNetwork Distributed Switch are affected.

Cisco has assigned Cisco bug ID CSCtj17451 to this vulnerability.

The following Cisco products are affected:

Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b)
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a)
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3)
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2)
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1)

The VMware vNetwork Standard Switch and the VMware vNetwork Distributed Switch are not affected.

[Editor's note: VMware has issued a security advisory. At the time of this entry, Cisco has not released a security advisory.]

Impact:   A remote user can cause the target ESX or ESXi kernel to crash.
Solution:   Cisco has issued a fix:

Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(4) SV1(4)
Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c)

The Cisco advisory is available at:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2011-0002.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2011-0002.html (Links to External Site)
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Mon, 07 Feb 2011 21:16:09 -0800
Subject:  [Security-announce] VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0002
Synopsis:          Cisco Nexus 1000V VEM updates address denial of
                   service in VMware ESX/ESXi
Issue date:        2011-02-07
Updated on:        2011-02-07 (initial release of advisory)
CVE numbers:       CVE-2011-0355
- ------------------------------------------------------------------------

1. Summary

   Updated versions of the Cisco Nexus 1000V virtual switch address a
denial
   of service in VMware ESX/ESXi.

2. Relevant releases

   The following VMware products could be affected by a denial of service
   vulnerability that is present in older versions of the Cisco Nexus
   1000V virtual switch:

   - ESXi 4.1
   - ESXi 4.0
   - ESX 4.1
   - ESX 4.0

   The following Cisco products have the vulnerability:

   - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3b)
   - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3a)
   - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3)
   - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(2)
   - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(1)
   
3. Problem Description

 a. Cisco Nexus 1000V Virtual Ethernet Module denial of service

    The Cisco Nexus 1000V Virtual Ethernet Module (VEM) is a virtual
    switch for ESX and ESXi. This switch can be added to ESX and ESXi
    where it replaces the VMware virtual switch and runs as part of the
    ESX and ESXi kernel.

    A flaw in the handling of dropped packets by Cisco Nexus 1000V VEM
    can cause ESX and ESXi to crash.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2011-0355 to the issue.

    The issue is addressed by Cisco in the following releases:
    - Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(4) SV1(4)
    - Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c)
    For details refer to the release notes of these releases (see
    section 4 for links).
 
    VMware customers are only affected by this vulnerability if they
    have chosen to deploy the Cisco Nexus 1000V virtual switch as a
    replacement for the VMware vNetwork Standard Switch or the VMware
    vNetwork Distributed Switch.

    VMware has confirmed that the VMware vNetwork Standard Switch and
    the VMware vNetwork Distributed Switch are not affected by the
    vulnerability.

    The issue is documented by Cisco in Cisco bug ID CSCtj17451 (see
    section 5 for a link).

4. Solution

   Cisco Nexus 1000V Virtual Ethernet Module Release 4.2(1) SV1(4)
   ---------------------------------------------------------------
   Release notes
 
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_
1_4/release/notes/n1000v_rn.html
   
   Cisco Nexus 1000V Virtual Ethernet Module Release 4.0(4) SV1(3c)
   ----------------------------------------------------------------
   Release notes
 
http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_
1_3_c/release/notes/n1000v_rn.html

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0355

   Cisco bug ID CSCtj17451 (registered Cisco customers only)
 
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fe
tchBugDetails&bugId=CSCtj17451

- ------------------------------------------------------------------------

6. Change log

2011-02-07  VMSA-2011-0002
Initial security advisory in conjunction with the release of Cisco Nexus
1000V Virtual Ethernet Module 1.3c on 2011-02-04.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNUM+NS2KysvBH1xkRAnTnAJ422+Qjwcbcw2X6mDs80Wa7gEe9iwCfer85
hd8PoGq8RQVOWtAaf/kh458=
=nQ4R
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC