SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware vCenter Vendors:   VMware
(VMware Issues Fix for vCenter) OpenSSL ssl3_read_bytes() and Anonymous ECDH Ciphersuite Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1030464
SecurityTracker URL:  http://securitytracker.com/id/1030464
CVE Reference:   CVE-2010-5298, CVE-2014-3470   (Links to External Site)
Date:  Jun 25 2014
Impact:   Denial of service via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. VMware vCenter Configuration Manager, vCenter Converter Standalone, and vCenter Operations Manager are affected.

A remote user can send specially crafted data to trigger a race condition in ssl3_read_bytes() and inject data across sessions or cause denial of service conditions [CVE-2010-5298]. Multithreaded applications are affected on versions 1.0.0 and 1.0.1 when SSL_MODE_RELEASE_BUFFERS is enabled.

A remote user can cause denial of service conditions on TLS clients that have enabled ECDH ciphersuites [CVE-2014-3470].

The vendor was notified on May 28, 2014.

Felix Grobert and Ivan Fratric at Google reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can inject data across sessions.

Solution:   VMware has issued a fix for vCenter Configuration Manager (5.7.2), vCenter Converter Standalone (5.5.2), and vCenter Operations Manager (5.8.2).

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Vendor URL:  www.openssl.org/news/secadv_20140605.txt (Links to External Site)
Cause:   Not specified, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 5 2014 OpenSSL ssl3_read_bytes() and Anonymous ECDH Ciphersuite Bugs Let Remote Users Deny Service



 Source Message Contents

Subject:  [Security-announce] UPDATED VMSA-2014-0006.3 - VMware product updates address OpenSSL security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0006.3
Synopsis:    VMware product updates address OpenSSL 
             security vulnerabilities
Issue date:  2014-06-10
Updated on:  2014-06-24
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and 
             CVE-2014-3470
- -----------------------------------------------------------------------

1. Summary

   VMware product updates address OpenSSL security vulnerabilities.

2. Relevant Releases

   Big Data Extensions prior to 2.0.0

   ESXi 5.5 without patch ESXi550-201406401-SG
   ESXi 5.1 without patch ESXi510-201406401-SG

   Horizon Mirage Edge Gateway prior to 4.4.3

   Horizon View prior to 5.3.2
   Horizon View 5.3 Feature Pack X prior to Feature Pack 3

   vCD prior to 5.5.1.2

   vCenter prior to 5.5u1b

   vCenter Configuration Manager prior to 5.7.2

   vCenter Converter Standalone prior to 5.5.2

   vCenter Operations Manager prior to 5.8.2

   vCSA prior to 5.5u1b

   OVF Tool prior to 5.3.2

   Update Manager prior to 5.5u1b

   VDDK prior to 5.5.2
   VDDK prior to 5.1.3
   VDDK prior to 5.0.4

3. Problem Description

   a. OpenSSL update for multiple products.

      OpenSSL libraries have been updated in multiple products to
      versions 0.9.8za and 1.0.1h in order to resolve multiple security
      issues.
 
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2014-0224, CVE-2014-0198,
      CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
      these issues. The most important of these issues is
      CVE-2014-0224.

      CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
      be of moderate severity. Exploitation is highly unlikely or is
      mitigated due to the application configuration.

      CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL 
      Security Advisory (see Reference section below), do not affect
      any VMware products.     

      CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server
      is running a vulnerable version of OpenSSL 1.0.1 and clients are
      running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating
      the server will mitigate this issue for both the server and all
      affected clients.

      CVE-2014-0224 may affect products differently depending on
      whether the product is acting as a client or a server and of
      which version of OpenSSL the product is using. For readability
      the affected products have been split into 3 tables below, 
      based on the different client-server configurations and
      deployment scenarios.

      MITIGATIONS

      Clients that communicate with a patched or non-vulnerable server
      are not vulnerable to CVE-2014-0224. Applying these patches to 
      affected servers will mitigate the affected clients (See Table 1
      below).

      Clients that communicate over untrusted networks such as public
      Wi-Fi and communicate to a server running a vulnerable version of 
      OpenSSL 1.0.1. can be mitigated by using a secure network such as 
      VPN (see Table 2 below).
      
      Clients and servers that are deployed on an isolated network are
      less exposed to CVE-2014-0224 (see Table 3 below). The affected
      products are typically deployed to communicate over the
      management network. 

      RECOMMENDATIONS

      VMware recommends customers evaluate and deploy patches for
      affected Servers in Table 1 below as these patches become
      available. Patching these servers will remove the ability to
      exploit the vulnerability described in CVE-2014-0224 on both
      clients and servers. 

      VMware recommends customers consider 
      applying patches to products listed in Table 2 & 3 as required.

      Column 4 of the following tables lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      Table 1
      =======
      Affected servers running a vulnerable version of OpenSSL 1.0.1. 

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      ESXi                            5.5       ESXi     ESXi550-
                                                         201406401-SG 

      Big Data Extensions             1.1                2.0.0 

      vCenter Chargeback Manager      2.6                patch pending 

      Horizon Workspace Gateway       1.x                patch pending 

      Horizon Workspace Data          1.x                patch pending

      Horizon Mirage Edge Gateway     4.4.x              4.4.3 

      Horizon View                    5.x                5.3.2 

      Horizon View Feature Pack       5.x                5.3 Feature Pack 3

      NSX for Multi-Hypervisor        4.1.2              patch pending 
      NSX for Multi-Hypervisor        4.0.3              patch pending 
      NSX for vSphere                 6.0.4              patch pending 
      NVP                             3.2.2              patch pending 
      
      vCAC                            6.0.1              patch pending 

      vCloud Networking and Security  5.5.2 		 patch pending 
      vCloud Networking and Security  5.1.4 		 patch pending 

      vFabric Web Server              5.x                patch pending 

      vCHS - DPS-Data Protection      2.0                patch pending 
      Service

      Table 2
      ========
      Affected clients running a vulnerable version of OpenSSL 0.9.8 
      or 1.0.1 and communicating over an untrusted network. 

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      vCSA                            5.5                5.5u1b
      vCSA                            5.1                patch pending 
      vCSA                            5.0                patch pending

      ESXi                            5.1       ESXi     ESXi510-
                                                         201406401-SG
      ESXi                            5.0       ESXi     patch pending  

      Workstation                     10.x      any      patch pending 
      Workstation                     9.x       any      patch pending 
      Fusion                          6.x       OSX      patch pending 
      Fusion                          5.x       OSX      patch pending 
      Player                          6.x       any      patch pending 
      Player                          5.x       any      patch pending 

      vCenter Chargeback Manager      2.5.x              patch pending 

      Horizon Workspace Client        1.x       OSX      patch pending
      Horizon Workspace Client        1.x       Windows  patch pending 

      Horizon View Client             2.x       Android  patch pending
      Horizon View Client             2.x       iOS      patch pending
      Horizon View Client             2.x       OSX      patch pending
      Horizon View Client             2.x       Windows  patch pending
      Horizon View Client             2.x       WinStore patch pending

      OVF Tool                        3.5.1              3.5.2 
      OVF Tool                        3.0.1              patch pending 

      vCenter Operations Manager      5.8.x              5.8.2
      vCenter Operations Manager      5.7.x              patch pending

      vCenter Support Assistant       5.5.0              patch pending 
      vCenter Support Assistant       5.5.1              patch pending 
          
      vCD                             5.1.x              patch pending 
      vCD                             5.5.1.x            5.5.1.2

      vCenter Site Recovery Manager   5.5.x              patch pending 
      vCenter Site Recovery Manager   5.1.x              patch pending
      vCenter Site Recovery Manager   5.0.3.x            patch pending 

      vSphere Client                  5.5       Windows  5.5u1b
      vSphere Client                  5.1       Windows  patch pending
      vSphere Client                  5.0       Windows  patch pending

      Table 3
      =======
      The following table lists all affected clients running a
      vulnerable
      version of OpenSSL 0.9.8 or 1.0.1 and communicating over a
      trusted or isolated network.

      VMware                          Product  Running   Replace with/
      Product                         Version  on        Apply Patch 
      ==============                  =======  =======   =============
      vCenter Server                  5.5       any      5.5u1b
      vCenter Server                  5.1       any      patch pending
      vCenter Server                  5.0       any      patch pending

      Update Manager                  5.5       Windows  5.5u1b

      vCenter Configuration
      Manager (VCM)                   5.6                5.7.2

      Horizon Workspace               1.x                patch pending
   
      ITBM Standard                   1.0.1              patch pending 
      ITBM Standard                   1.0                patch pending 


      Studio                          2.6.0.0            patch pending 
    
      Usage Meter                     3.3                patch pending 
     
      vCenter Converter Standalone    5.5                5.5.2
      vCenter Converter Standalone    5.1                patch pending 
      vCD (VCHS)                      5.6.2              patch pending 

      vFabric Application Director    5.2.0              patch pending 
      vFabric Application Director    5.0.0              patch pending 
 
      VIX API                         5.5                patch pending 
      VIX API                         1.12               patch pending 
      
      vMA (Management Assistant)      5.1.0.1            patch pending     
  

      VMware Data Recovery            2.0.3              patch pending 
     
      VMware vSphere CLI              5.5                patch pending 
     
      vSphere Data Protection         5.5.6              patch pending
      vSphere Data Protection         5.1.11             patch pending

      vSphere Replication             5.5.1              patch pending 
      vSphere Replication             5.6                patch pending
 
      vSphere SDK for Perl            5.5                patch pending
 
      vSphere Storage Appliance       5.5.1              patch pending 
      vSphere Storage Appliance       5.1.3              patch pending 
      vSphere Support Assistant       5.5.1              patch pending 
      vSphere Support Assistant       5.5.0              patch pending
      VDDK                            5.5.x              5.5.2
      VDDK                            5.1.x              5.1.3
      VDDK                            5.0.x              5.0.4 

 
   4. Solution

   Big Data Extensions 2.0.0
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-bde

   ESXi 5.5
   ----------------------------

   Download:
   https://www.vmware.com/patchmgr/findPatch.portal

   Release Notes:
   http://kb.vmware.com/kb/2077359

   ESXi 5.1
   ----------------------------
   Download:
   https://www.vmware.com/patchmgr/findPatch.portal

   Release Notes:
   http://kb.vmware.com/kb/2077640

   Horizon Mirage Edge Gateway 4.4.3
   ---------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-horizon-mirage

   vCD 5.5.1.2
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download/vcloud-director

   vCenter Server 5.5u1b
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere

   vCSA 5.5u1b
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere

   Update Manager 5.5u1b
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere

   VDDK 5.x
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/support/developer/vddk

   vCenter Configuration Manager (VCM) 5
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download_vcm

   vCenter Operations Manager 5.8
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere-ops-mgr

   OVF Tool 3.5.2 
   --------------
   Download: 
   https://www.vmware.com/support/developer/ovf/

   vCenter Converter Standalone 5.5.2
   -----------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-converter

   Horizon View 5
   ----------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/downloadview

   Horizon View 5.3 Feature Pack 3
   -----------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/downloadview

   5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
   
   https://www.openssl.org/news/secadv_20140605.txt

- -----------------------------------------------------------------------

6. Change Log

   2014-06-10 VMSA-2014-0006
   Initial security advisory in conjunction with the release of
   ESXi 5.5 updates on 2014-06-10

   2014-06-12 VMSA-2014-0006.1
   Updated security advisory in conjunction with the release of
   Big Data Extensions 2.0.0, Horizon Mirage Edge Gateway 4.4.3, 
   vCD 5.5.1.2, vCenter Server 5.5u1b, vCSA 5.5u1b, and Update
   Manager 5.5u1b on 2014-06-12

   2014-06-17 VMSA-2014-0006.2
   Updated security advisory in conjunction with the release of
   ESXi 5.1 updates, VDDK 5.5.2, 5.1.3, and 5.0.4 on 2014-06-17

   2014-06-24 VMSA-2014-0006.3
   Updated security advisory in conjunction with the release of
   Horizon View 5.3.2, Horizon View 5.3 Feature Pack 3, 
   vCenter Configuration Manager 5.7.2, vCenter 
   Converter Standalone 5.5.2, vCenter Operations 
   Manager 5.8.2, OVF Tool 5.3.2 on 2014-06-24

- -----------------------------------------------------------------------
 
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
 
   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2014 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFTqeMUDEcm8Vbi9kMRAqusAKCi1jJIsC75sFwQS2K0Kwz/SkvigwCeOfxg
aykYEdqVQT6a+Iaj4dSbFB4=
=Tzbe
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC