SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware Vendors:   VMware
(VMware Issues Fix) Sun Java Runtime Environment Buffer Overflow in Applet Image Parsing Lets Remote Users Gain Privileges
SecurityTracker Alert ID:  1019163
SecurityTracker URL:  http://securitytracker.com/id/1019163
CVE Reference:   CVE-2007-3004, CVE-2007-3005   (Links to External Site)
Date:  Jan 8 2008
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Sun Java Runtime Environment (JRE). A remote user can gain elevated privileges on the target user's system.

A remote user can create a specially crafted applet that, when loaded by the target user, will trigger a buffer overflow in the image parsing code and gain elevated privileges. The applet can read and write local files or execute local applications with the privileges of the target user.

A remote user can also cause the Java Virtual Machine to hang.

Chris Evans of the Google Security Team reported this vulnerability.

Impact:   A remote user can create a Java applet that, when loaded by the target user, will gain privileges on the target user's system.

A remote user can cause denial of service conditions.

Solution:   VMware has issued the following fixes.

VMware VirtualCenter 2.0.2 Update 2 Release Notes
http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

VirtualCenter CD image
md5sum d7d98a5d7f8afff32cee848f860d3ba7

VirtualCenter as Zip
md5sum 3b42ec350121659e10352ca2d76e212b

ESX Server 3.0.2
http://kb.vmware.com/kb/1002434
md5sum: 2f52251f6ace3d50934344ef313539d5

ESX Server 3.0.1
http://kb.vmware.com/kb/1003176
md5sum: 5674ca0dcfac90726014cc316444996e

Cause:   Boundary error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 1 2007 Sun Java Runtime Environment Buffer Overflow in Applet Image Parsing Lets Remote Users Gain Privileges



 Source Message Contents

Subject:  [Full-disclosure] VMSA-2008-0002 Low severity security update for


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0002
Synopsis:          Low severity security update for VirtualCenter
                   and ESX Server 3.0.2, and ESX 3.0.1
Issue date:        2008-01-07
Updated on:        2008-01-07
CVE numbers:       CVE-2005-2090 CVE-2006-7195
                   CVE-2007-0450 CVE-2007-3004
- -------------------------------------------------------------------

1. Summary:

   Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX
   Server 3.0.2, and ESX 3.0.1.

2. Relevant releases:

   VirtualCenter Management Server 2
   ESX Server 3.0.2 without patch ESX-1002434
   ESX Server 3.0.1 without patch ESX-1003176

3. Problem description:

   Updated VirtualCenter fixes the following application vulnerabilities

   Tomcat Server Security Update
   This release of VirtualCenter Server updates the Tomcat Server
   package from 5.5.17 to 5.5.25, which addresses multiple security
   issues that existed in the earlier releases of Tomcat Server.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to
   these issues.

   JRE Security Update
   This release of VirtualCenter Server updates the JRE package from
   1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in
   the earlier release of JRE.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2007-3004 to this issue.

   NOTE: These vulnerabilities can be exploited remotely only if the
         attacker has access to the service console network.

         Security best practices provided by VMware recommend that the
         service console be isolated from the VM network. Please see
         http://www.vmware.com/resources/techresources/726 for more
         information on VMware security best practices.

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

   VMware VirtualCenter 2.0.2 Update 2 Release Notes
   http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

   VirtualCenter CD image
   md5sum d7d98a5d7f8afff32cee848f860d3ba7

   VirtualCenter as Zip
   md5sum 3b42ec350121659e10352ca2d76e212b

   ESX Server 3.0.2
   http://kb.vmware.com/kb/1002434
   md5sum: 2f52251f6ace3d50934344ef313539d5

   ESX Server 3.0.1
   http://kb.vmware.com/kb/1003176
   md5sum: 5674ca0dcfac90726014cc316444996e

5. References:

  CVE numbers
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce@lists.vmware.com
  * bugtraq@securityfocus.com
  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHgthVS2KysvBH1xkRCPmqAJ0Vinlb3RZQH9syPorjnNJYkB+V/gCeN8pQ
3AnswXxHMvJR9mEM/eIymPM=
=CXyQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC