SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware GSX Server Vendors:   VMware
(Vendor Releases Fixed Version) Re: VMware GSX Server Buffer Overflow in VMware Authorization Service 'GLOBAL' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1004954
SecurityTracker URL:  http://securitytracker.com/id/1004954
CVE Reference:   CVE-2002-0814   (Links to External Site)
Updated:  Feb 21 2004
Original Entry Date:  Aug 6 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.0 build-2050
Description:   A buffer overflow vulnerability was reported in the VMware GSX Server. A remote authenticated user can execute arbitrary code on the system.

A remote authenticated user can reportedly connect to the VMware Authorization Service on TCP port 902 and send a specially crafted GLOBAL command to trigger the buffer overflow. According to the report, this can cause arbitrary code to be executed with administrator privileges.

It may be possible for the remote user to exploit the flaw using a guest account.

Demonstration exploit code is provided in the Source Message.

Impact:   A remote authenticated user can execute arbitrary code on the system with administrator privileges.
Solution:   VMware has released a fixed version of VMware GSX Server (2.0.1 build 2129) for both Windows and Linux platforms. The vendor strongly urges all users of GSX Server 2.0 to download and install the 2.0.1 update.

[Editor's note: Only the Windows platform is apparently affected by this flaw, but the fix also includes other bug fixes that affect both platforms.]

Registered GSX Server 2.0 customers and active evaluators can download GSX Server 2.0.1 from:

http://www.vmware.com/download/gsx_download.html

You will need to log in with your registered VMware email address and password.

If you are a GSX Server 2.0 evaluator and your 10-day download access period has expired, please note that we have extended your download access through August 9 so that you may install the 2.0.1 release.

Installation instructions are available at:

http://www.vmware.com/support/gsx2/doc/install_gsx.html

Vendor URL:  www.vmware.com/products/server/gsx_features.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 25 2002 VMware GSX Server Buffer Overflow in VMware Authorization Service 'GLOBAL' Parameter Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  VMware GSX Server 2.0.1 Release and Security Alert


VMware has released a patch for buffer overflow conditions and other bug
fixes and improvements for their GSX Server version 2.0.0.



Dear VMware GSX Server Customer,

VMware has released VMware GSX Server 2.0.1 build 2129 for both
Windows and Linux platforms.  This release incorporates critical
security fixes.  We strongly urge all users of GSX Server 2.0 to
download and install the 2.0.1 update.

What is new in VMware GSX Server 2.0.1?
---------------------------------------

VMware GSX Server 2.0.1 includes:

 - A fix for the VMware Authorization Server buffer overflow
   vulnerability published to the BugTraq mailing list on July 24,
   2002 (see http://online.securityfocus.com/archive/1/284020).
   This vulnerability exists only in GSX Server 2.0.0 (for Windows)
   build 2050.  The vmware-authd.exe patch posted to our Web site on
   July 25, 2002 is incorporated into this release.
 - An updated version of OpenSSL with fixes for the buffer
   overflow vulnerabilities reported in CERT Advisory CA-2002-23
   (http://www.cert.org/advisories/CA-2002-23.html).  This
   vulnerability exists in the Windows and Linux versions of GSX
   Server 2.0.0 build 2050.
 - Improved VMware Scripting API sample scripts in the VmCOM and
   VmPerl API packages.
 - Corrections for issues with the vmware-cmd utility.
 - Fixes for a VMware Remote Console memory leak on exit that could
   cause the remote console client to run low on memory after many
   sessions.
 - Pre-built modules for TurboLinux 8.0 and SuSE Linux Enterprise
   Server 7 update.
 - Various other bug fixes and documentation improvements.

For a more details on new features, please go to:

           http://www.vmware.com/support/gsx2/doc/whatsnew_gsx.html


How do I download VMware GSX Server 2.0.1?
------------------------------------------

Registered GSX Server 2.0 customers and active evaluators can
download GSX Server 2.0.1 from:

           http://www.vmware.com/download/gsx_download.html

You will need to log in with your registered VMware email address
and password.

If you are a GSX Server 2.0 evaluator and your 10-day download access
period has expired, please note that we have extended your download
access through August 9 so that you may install the 2.0.1 release.

Installation instructions are available at:

           http://www.vmware.com/support/gsx2/doc/install_gsx.html

Thank you for your attention to this important VMware GSX Server 2.0
security update.

Regards,
The VMware Team

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC