SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware Vendors:   VMware
VMware UDF Filesystem Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026139
SecurityTracker URL:  http://securitytracker.com/id/1026139
CVE Reference:   CVE-2011-3868   (Links to External Site)
Date:  Oct 5 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 7.1.4 and prior, Player 3.1.4 and prior, Fusion 3.1.2 and prior
Description:   A vulnerability was reported in VMware Workstation, Player, and Fusion. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted ISO image that, when imported by the target user, will trigger a buffer overflow and execute arbitrary code on the target system.

An anonymous researcher reported this vulnerability via the SecuriTeam Secure Disclosure program.

Impact:   A remote user can create an ISO file that, when imported by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (Workstation 7.1.5, Player 3.1.5, Fusion 3.1.3).

The vendor's advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2011-0011.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2011-0011.html (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  [Security-announce] VMSA-2011-0011 VMware hosted products address remote code execution vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0011
Synopsis:          VMware hosted products address remote code execution
                   vulnerability
Issue date:        2011-10-04
Updated on:        2011-10-04 (initial release of advisory)
CVE numbers:       CVE-2011-3868
                   
- ------------------------------------------------------------------------

1. Summary

   Hosted product updates address a remote code execution vulnerability
   in the way UDF file systems are handled

2. Relevant releases

   VMware Workstation 7.1.4 and earlier

   VMware Player 3.1.4 and earlier

   VMware Fusion 3.1.2 and earlier


3. Problem Description

 a. UDF file system import remote code execution

    A buffer overflow vulnerability is present in the way UDF file
    systems are handled. This issue could allow for code execution if a
    user installs from a malicious ISO image that was specially crafted
    by an attacker.

    VMware would like to thank an anonymous contributor working with the
    SecuriTeam Secure Disclosure program for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name 3868.11-3868 to the issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.  

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    Workstation    8.x       any      not affected
    Workstation    7.x       any      7.1.5 or later

    Player         3.x       any      3.1.5  or later

    AMS            any       any      not affected

    Fusion         4.x       Mac OS/X not affected
    Fusion         3.1.x     Mac OS/X 3.1.3 or later

    ESXi           any       ESXi     not affected

    ESX            any       ESX      not affected

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware Workstation 7.1.5
   ------------------------
   http://www.vmware.com/go/downloadworkstation   
   Release notes:
   http://downloads.vmware.com/support/ws71/doc/releasenotes_ws715.html

   VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
   md5sum: 40a0a39377a6ba804d5e76e59449d51f
   sha1sum: 25462e18bf9439876c63948415f7ba7b09baa8e6

   VMware Workstation for Linux 32-bit with VMware Tools
   md5sum: 9c9b4d7a749f1baa485f26e6f366c070
   sha1sum: 31033424656b8eaaa814f3e9c3b5b9c5c53b783b

   VMware Workstation for Linux 64-bit with VMware Tools
   md5sum: 482b8b2890f75488addfc31418031864
   sha1sum: b1f73650f70c94249e5add5d9516d0e45c4ae87d

   VMware Player 3.1.5
   -------------------
   http://www.vmware.com/go/downloadplayer
   Release notes:
   https://www.vmware.com/support/player31/doc/releasenotes_player315.html

   VMware Player for 32-bit and 64-bit Windows
   md5sum: fcc91227963e58efcb63fb791d2fd813
   sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390

   VMware Player for 32-bit Linux
   md5sum: c96867c8093d23065bed7e71e020bb19
   sha1sum: 4156bdfb7f679114671b416d178028fdc4d3beb4

   VMware Player for 64-bit Linux
   md5sum: 1ec954f1baaf6a60e451979b5e88f2d6
   sha1sum: a253a486d6c6848620de200ef1837ced903daa1c

   VMware Fusion 3.1.3
   -------------------
   http://www.vmware.com/go/downloadfusion
   Release Notes:
 
http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_313.htm
l

   VMware Fusion for Intel-based Macs
   md5sum: f35ac5c15354723468257d2a48dc4f76
   sha1sum: 3c849a62c45551fddb16eebf298cef7279d622a9
     

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3868

- ------------------------------------------------------------------------
6. Change log

2011-10-04  VMSA-2011-0011
Initial security advisory in conjunction with the release of VMware
Workstation 7.1.5 and Player 3.1.5 on 2011-10-04.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFOi+F3DEcm8Vbi9kMRAp6fAJ9u6IbFoQ+8b4piuntrhjTxWa/pEQCfWxWM
7Y9rS59t3IxrhRphMUA0KiU=
=S5sg
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC