(VMware Issues Fix for VMware ESX Server) E2fsprogs Buffer Overflow in libext2fs Lets Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1019538 |
SecurityTracker URL: http://securitytracker.com/id/1019538
|
CVE Reference:
CVE-2007-5497
(Links to External Site)
|
Date: Mar 4 2008
|
Impact:
Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.5.4 and 2.5.5
|
Description:
A vulnerability was reported in E2fsprogs. A local user can obtain elevated privileges on the target system. VMware ESX Server is affected.
A local user can modify a filesystem so that when a target user or application executes libext2fs, a heap overflow will occur and arbitrary arbitrary code will be executed. The code will run with the privileges of the target user or application.
McAfee AVERT Research group reported this vulnerability in December 2007.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
VMware has issued a fix for ESX Server (2.5.4 Upgrade Patch 16, 2.5.5 Upgrade Patch 5), which is affected by this vulnerability, available at:
http://www.vmware.com/download/esx/esx2_patches.html
ESX Server 2.5.5 Upgrade Patch 5
http://download3.vmware.com/software/esx/esx-2.5.5-73417-upgrade.tar.gz
md5sum: cf0addac42cb2057c47065971f56bee6
http://www.vmware.com/support/esx25/doc/esx-255-200802-patch.html
ESX Server 2.5.4 Upgrade Patch 16
http://download3.vmware.com/software/esx/esx-2.5.4-73416-upgrade.tar.gz
md5sum: b7b2cbfd45380124c128831dca8bc2b0
http://www.vmware.com/support/esx25/doc/esx-254-200802-patch.html
|
Cause:
Boundary error
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Subject: [Security-announce] VMSA-2008-0004 Low: Updated e2fsprogs service
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0004
Synopsis: Low: Updated e2fsprogs service console package
Issue date: 2008-03-03
Updated on: 2008-03-03 (initial release of advisory)
CVE numbers: CVE-2007-5497
- -------------------------------------------------------------------
1. Summary:
Updated service console package e2fsprogs.
2. Relevant releases:
ESX Server 2.5.5 Upgrade Patch 5
ESX Server 2.5.4 Upgrade Patch 16
NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
~ and Bug fixes) is 10/08/2008. Users should plan to upgrade to at
~ least 2.5.5 and preferably the newest release available before
~ the end of extended support.
~ ESX Server prior to 2.5.4 are no longer in Extended Support.
~ Users should upgrade to a supported version of the product.
~ The VMware Infrastructure Support Life Cycle Policy can be found
~ here: http://www.vmware.com/support/policies/eos_vi.html
3. Problem description:
Updated e2fsprogs package address multiple integer overflow flaws
Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying
and reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5497 to this issue.
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html
ESX Server 2.5.5 Upgrade Patch 5
http://download3.vmware.com/software/esx/esx-2.5.5-73417-upgrade.tar.gz
md5sum: cf0addac42cb2057c47065971f56bee6
http://www.vmware.com/support/esx25/doc/esx-255-200802-patch.html
ESX Server 2.5.4 Upgrade Patch 16
http://download3.vmware.com/software/esx/esx-2.5.4-73416-upgrade.tar.gz
md5sum: b7b2cbfd45380124c128831dca8bc2b0
http://www.vmware.com/support/esx25/doc/esx-254-200802-patch.html
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHzHdoS2KysvBH1xkRCCxrAJsHDTczV7agRyav5nMXgVmvMKTsSACfTmLl
Rv1wQy510KaPTQy9LiNMTNo=
=yM44
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
|
|