Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] VMSA-2008-0007 Moderate Updated Service Console packag

from [VMware Security team] Network Security [Permanent Link]
Subject: [Full-disclosure] VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
Date: Tue, 15 Apr 2008 18:23:02 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
~                   VMware Security Advisory

Advisory ID:       VMSA-2008-0007
Synopsis:          Moderate Updated Service Console packages pcre
~                   net-snmp, and OpenPegasus
Issue date:        2008-04-15
Updated on:        2008-04-15 (initial release of advisory)
CVE numbers:       CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
~                   CVE-2008-0003
- -------------------------------------------------------------------

1. Summary:

~   Updated Service Console packages for pcre, net-snmp, and OpenPegasus

2. Relevant releases:

~   VMware ESX 3.5 without patch ESX350-200803214-UG

3. Problem description:

~   a. Updated pcre Service Console package addresses several security issues

~   The pcre package contains the Perl-Compatible Regular Expression library.
~   pcre is used by various Service Console utilities.

~   Several security issues were discovered in the way PCRE handles
~   regular expressions. If an application linked against PCRE parsed a
~   malicious regular expression, it may have been possible to run
~   arbitrary code as the user running the application.

~   VMware would like to thank Ludwig Nussel for reporting these issues.

~   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~   assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

~   RPM Updated:
~   pcre-3.9-10.4.i386.rpm

~   b. Updated net-snmp Service Console package addresses denial of service

~   net-snmp is an implementation of the Simple Network Management
~   Protocol (SNMP).  SNMP is used by network management systems to
~   monitor hosts.  By default ESX has this service enabled and its ports
~   open on the ESX firewall.

~   A flaw was discovered in the way net-snmp handled certain requests. A
~   remote attacker who can connect to the snmpd UDP port could send a
~   malicious packet causing snmpd to crash, resulting in a denial of
~   service.

~   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~   assigned the name CVE-2007-5846 to this issue.

~   RPM Updated:
~   net-snmp-5.0.9-2.30E.23.i386.rpm
~   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~   net-snmp-utils-5.0.9-2.30E.23.i386.rpm

~   c. Updated OpenPegasus Service Console package fixes overflow condition

~   OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
~   Management (WBEM) broker.  These protocols are used by network management
~   systems to monitor and control hosts.  By default ESX has this service
~   enabled and its ports open on the ESX firewall.

~   A flaw was discovered in the OpenPegasus CIM management server that
~   might allow remote attackers to execute arbitrary code.  OpenPegasus
~   when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
~   defined, has a stack-based buffer overflow condition.

~   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~   assigned the name CVE-2008-0003 to this issue.

~   RPMS updated:
~   cim-smwg-1.0-release-606113.i386.rpm
~   pegasus-2.5-release-606113.i386.rpm

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

~   ESX 3.5 patch ESX350-200803214-UG
~   http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
~   md5sum:  9ff7b416afed3acfbfbb5d1d63ca5060
~   http://kb.vmware.com/kb/1003721

~   RPMS updated with patch ESX350-200803214-UG
~   e2fsprogs-1.32-15.4.i386.rpm
~   net-snmp-5.0.9-2.30E.23.i386.rpm
~   net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~   net-snmp-utils-5.0.9-2.30E.23.i386.rpm
~   pcre-3.9-10.4.i386.rpm
~   libxml2-2.5.10-8.i386.rpm
~   libxml2-python-2.5.10-8.i386.rpm

~   ESX 3.5 patch ESX350-200803201-UG
~   http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip
~   md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
~   http://kb.vmware.com/kb/1003695

~   RPMS updated with ESX350-200803201-UG
~   cim-smwg-1.0-release-606113.i386.rpm
~   pegasus-2.5-release-606113.i386.rpm

5. References:

~   CVE numbers
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003

6. Change log

2008-04-15  VMSA-2008-0007    Initial release

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~  * security-announce@lists.vmware.com
~  * bugtraq@securityfocus.com
~  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIBVTyS2KysvBH1xkRCMNGAJ9kdOVbJNb9cK7hoyXpPbkSXgqvnwCfaXGz
bNkhUejzelQIDSGqZkUDgWY=
=jhJt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus, VMware Security team <=
Previous by Date:  [Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability, iDefense Labs
Next by Date:  [Full-disclosure] [INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability, infocus
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 04.09.08: IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability, iDefense Labs
Next by Thread:  [Full-disclosure] [INFIGO-2008-04-08]: ICQ 6 remote buffer overflow vulnerability, infocus
Indexes:  [Date] [Thread] [Top] [All Lists]