SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware vCenter Vendors:   VMware
(VMware Issues Fix for vCenter) OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1030422
SecurityTracker URL:  http://securitytracker.com/id/1030422
CVE Reference:   CVE-2014-0198   (Links to External Site)
Date:  Jun 13 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Server 5.0, 5.1, 5.5
Description:   A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions. VMware vCenter Server is affected.

A remote user can send specially crafted data to trigger a null pointer dereference in do_ssl3_write() and cause the target service to crash.

The vulnerability resides in 'ssl/s3_pkt.c'.

Impact:   A remote user can cause the target service to crash.
Solution:   VMware has issued a fix for VMware vCenter Server (5.5u1b).

A patch is pending for versions 5.0 and 5.1.

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Vendor URL:  www.openssl.org/news/secadv_20140605.txt (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
May 3 2014 OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service



 Source Message Contents

Subject:  [Security-announce] UPDATED VMSA-2014-0006.1 - VMware product updates address OpenSSL security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0006.1
Synopsis:    VMware product updates address OpenSSL 
             security vulnerabilities
Issue date:  2014-06-10
Updated on:  2014-06-12
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and 
             CVE-2014-3470
- -----------------------------------------------------------------------

1. Summary

   VMware product updates address OpenSSL security vulnerabilities.

2. Relevant Releases

   Big Data Extensions prior to 2.0.0   

   ESXi 5.5 prior to ESXi550-201406401-SG

   Horizon Mirage Edge Gateway prior to 4.4.3

   vCD prior to 5.5.1.2

   vCenter prior to 5.5u1b

   vCSA prior to 5.5u1b

   Update Manager prior to 5.5u1b

3. Problem Description

   a. OpenSSL update for multiple products.

      OpenSSL libraries have been updated in multiple products to
      versions 0.9.8za and 1.0.1h in order to resolve multiple security
      issues.
 
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2014-0224, CVE-2014-0198,
      CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
      these issues. The most important of these issues is
      CVE-2014-0224.

      CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
      be of moderate severity. Exploitation is highly unlikely or is
      mitigated due to the application configuration.

      CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL 
      Security Advisory (see Reference section below), do not affect
      any VMware products.     

      CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server
      is running a vulnerable version of OpenSSL 1.0.1 and clients are
      running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating
      the server will mitigate this issue for both the server and all
      affected clients.

      CVE-2014-0224 may affect products differently depending on
      whether the product is acting as a client or a server and of
      which version of OpenSSL the product is using. For readability
      the affected products have been split into 3 tables below, 
      based on the different client-server configurations and
      deployment scenarios.

      MITIGATIONS

      Clients that communicate with a patched or non-vulnerable server
      are not vulnerable to CVE-2014-0224. Applying these patches to 
      affected servers will mitigate the affected clients (See Table 1
      below).

      Clients that communicate over untrusted networks such as public
      Wi-Fi and communicate to a server running a vulnerable version of 
      OpenSSL 1.0.1. can be mitigated by using a secure network such as 
      VPN (see Table 2 below).
      
      Clients and servers that are deployed on an isolated network are
      less exposed to CVE-2014-0224 (see Table 3 below). The affected
      products are typically deployed to communicate over the
      management network. 

      RECOMMENDATIONS

      VMware recommends customers evaluate and deploy patches for
      affected Servers in Table 1 below as these patches become
      available. Patching these servers will remove the ability to
      exploit the vulnerability described in CVE-2014-0224 on both
      clients and servers. 

      VMware recommends customers consider 
      applying patches to products listed in Table 2 & 3 as required.

      Column 4 of the following tables lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      Table 1
      =======
      Affected servers running a vulnerable version of OpenSSL 1.0.1. 

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      ESXi                            5.5       ESXi     ESXi550-
                                                         201406401-SG 

      Big Data Extensions             1.1                patch pending 
      Charge Back Manager             2.6                patch pending 

      Horizon Workspace Server 
      GATEWAY                         1.8.1              patch pending 
      Horizon Workspace Server 
      GATEWAY                         1.5                patch pending 

      Horizon Workspace Server 
      DATA                            1.8.1              patch pending 

      Horizon Mirage Edge Gateway     4.4.x              4.4.3 
      Horizon View                    5.3.1              patch pending 

      Horizon View Feature Pack       5.3 SP2            patch pending 

      NSX for Multi-Hypervisor        4.1.2              patch pending 
      NSX for Multi-Hypervisor        4.0.3              patch pending 
      NSX for vSphere                 6.0.4              patch pending 
      NVP                             3.2.2              patch pending 
      
      vCAC                            6.0.1              patch pending 

      vCloud Networking and Security  5.5.2 		 patch pending 
      vCloud Networking and Security  5.1.4 		 patch pending 

      vFabric Web Server              5.3.4              patch pending 

      vCHS - DPS-Data Protection      2.0                patch pending 
      Service

      Table 2
      ========
      Affected clients running a vulnerable version of OpenSSL 0.9.8 
      or 1.0.1 and communicating over an untrusted network. 

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      vCSA                            5.5                5.5u1b
      vCSA                            5.1                patch pending 
      vCSA                            5.0                patch pending 


      ESXi                            5.1       ESXi     patch pending 
      ESXi                            5.0       ESXi     patch pending  

      Workstation                     10.x      any      patch pending 
      Workstation                     9.x       any      patch pending 
      Fusion                          6.x       OSX      patch pending 
      Fusion                          5.x       OSX      patch pending 
      Player                          6.x       any      patch pending 
      Player                          5.x       any      patch pending 

      Chargeback Manager              2.5.x              patch pending 

      Horizon Workspace Client for    1.8.1    OSX       patch pending 
      Mac
      Horizon Workspace Client for    1.5      OSX       patch pending 
      Mac
      Horizon Workspace Client for    1.8.1    Windows   patch pending 
      Windows       
      Horizon Workspace Client for    1.5      Windows   patch pending 

      OVF Tool                        3.5.1              patch pending 
      OVF Tool                        3.0.1              patch pending 

      vCenter Operations Manager      5.8.1              patch pending 

      vCenter Support Assistant       5.5.0              patch pending 
      vCenter Support Assistant       5.5.1              patch pending 
          
      vCD                             5.1.x              patch pending 
      vCD                             5.5.1.x            5.5.1.2
      vCenter Site Recovery Manager   5.0.3.x            patch pending 

      Table 3
      =======
      The following table lists all affected clients running a
      vulnerable
      version of OpenSSL 0.9.8 or 1.0.1 and communicating over a
      trusted or isolated network.

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      vCenter Server                  5.5       any      5.5u1b
      vCenter Server                  5.1       any      patch pending
      vCenter Server                  5.0       any      patch pending

      Update Manager                  5.5       Windows  5.5u1b

      Config Manager (VCM)            5.6                patch pending 

      Horizon View Client             5.3.1              patch pending 
      Horizon View Client             4.x                patch pending
      Horizon Workspace               1.8.1              patch pending 
      Horizon Workspace               1.5                patch pending     
 
   
      ITBM Standard                   1.0.1              patch pending 
      ITBM Standard                   1.0                patch pending 
   
      Studio                          2.6.0.0            patch pending 
    
      Usage Meter                     3.3                patch pending 
      vCenter Chargeback Manager      2.6                patch pending 
      vCenter Converter Standalone    5.5                patch pending 
      vCenter Converter Standalone    5.1                patch pending 
      vCD (VCHS)                      5.6.2              patch pending 
      
      vCenter Site Recovery Manager   5.5.x              patch pending 
      vCenter Site Recovery Manager   5.1.x              patch pending

      vFabric Application Director    5.2.0              patch pending 
      vFabric Application Director    5.0.0              patch pending 
      View Client                     5.3.1              patch pending 
      View Client                     4.x                patch pending
      VIX API                         5.5                patch pending 
      VIX API                         1.12               patch pending 
      
      vMA (Management Assistant)      5.1.0.1            patch pending     
  

      VMware Data Recovery            2.0.3              patch pending 
     
      VMware vSphere CLI              5.5                patch pending 
     
      vSphere Data Protection         5.5.6              patch pending
      vSphere Data Protection         5.1.11             patch pending

      vSphere Replication             5.5.1              patch pending 
      vSphere Replication             5.6                patch pending
 
      vSphere SDK for Perl            5.5                patch pending
 
      vSphere Storage Appliance       5.5.1              patch pending 
      vSphere Storage Appliance       5.1.3              patch pending 
      vSphere Support Assistant       5.5.1              patch pending 
      vSphere Support Assistant       5.5.0              patch pending
      VDDK                            5.5.x              patch pending 
 
   4. Solution

   Big Data Extensions 2.0.0
   ----------------------------
   Download and Release Notes:
   https://www.vmware.com/go/download-bde

   ESXi 5.5
   ----------------------------

   Download:
   https://www.vmware.com/patchmgr/download.portal

   Release Notes:
   http://kb.vmware.com/kb/2077359

   Horizon Mirage Edge Gateway 4.4.3
   ---------------------------------
   Download  and Release Notes:
   https://my.vmware.com/group/vmware/downloads

   vCD 5.5.1.2
   ----------------------------
   Download:
   https://my.vmware.com/group/vmware/downloads

   Release Notes:
  
https://www.vmware.com/support/vcd/doc/rel_notes_vcloud_director_5512.html

   vCenter Server 5.5u1b
   ----------------------------
   Download and Release Notes:
   https://www.vmware.com/go/download-vsphere

   vCSA 5.5u1b
   ----------------------------
   Download and Release Notes:
   https://www.vmware.com/go/download-vsphere

   Update Manager 5.5u1b
   ----------------------------
   Download and Release Notes:
   https://www.vmware.com/go/download-vsphere

   5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
   
   https://www.openssl.org/news/secadv_20140605.txt

- -----------------------------------------------------------------------

6. Change Log

   2014-06-10 VMSA-2014-0006
   Initial security advisory in conjunction with the release of
   ESXi 5.5 updates on 2014-06-10

   2014-06-12 VMSA-2014-0006.1
   Updated security advisory in conjunction with the release of
   Big Data Extensions 2.0.0, Horizon Mirage Edge Gateway 4.4.3, 
   vCD 5.5.1.2, vCenter Server 5.5u1b, vCSA 5.5u1b, and Update
   Manager 5.5u1b on 2014-06-12

- -----------------------------------------------------------------------
 
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
 
   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2014 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFTmnpbDEcm8Vbi9kMRAtOwAKCCzdUmfF3PX2LwE5SPo0J5l7kyKQCfQQY1
88PBU0yt/3DLZR3uCVWBi+c=
=G1DI
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC