VMSA-2009-0009:ESX Service Console updates for udev, sudo, and curl

VMware

0 more products

23386

08 July 2009

08 July 2009

CLOSED

MEDIUM

CVE-2009-1185,CVE-2009-0034,CVE-2009-0037

VMSA-2009-0009

ESX Service Console updates for udev, sudo, and curl

VMware Security Advisory
 
VMware Security Advisory Advisory ID:
VMSA-2009-0009
VMware Security Advisory Synopsis:
ESX Service Console updates for udev, sudo, and curl
VMware Security Advisory Issue date:
2009-07-10
VMware Security Advisory Updated on:
2009-07-10 (initial release of advisory)
VMware Security Advisory CVE numbers:
CVE-2009-1185 CVE-2009-0034 CVE-2009-0037
1. Summary


Update for Service Console packages udev,sudo, and curl

 
2. Relevant releases


VMware ESX 4.0.0 without bulletin ESX400-200906411-SG,
ESX400-200906406-SG, ESX400-200906407-SG.

 

3. Problem Description

a. Service Console package udev
A vulnerability in the udev program did not verify whether a NETLINK
message originates from kernel space, which allows local users to
gain privileges by sending a NETLINK message from user space.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1185 to this issue.
Please see http://kb.vmware.com/kb/1011786 for details.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product
Product Version
Running on
Replace with/ Apply Patch
VMware Product VirtualCenter
Product Version any
Running on Windows
Replace with/ Apply Patch not affected
VMware Product hosted *
Product Version any
Running on any
Replace with/ Apply Patch not affected
VMware Product ESXi
Product Version any
Running on ESXi
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 4.0
Running on ESX
Replace with/ Apply Patch ESX400-200906411-SG
VMware Product ESX
Product Version 3.5
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.3
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.2
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 2.5.5
Running on ESX
Replace with/ Apply Patch not affected



* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Service Console package sudo

Service Console package for sudo has been updated to version
sudo-1.6.9p17-3. This fixes the following issue: Sudo versions
1.6.9p17 through 1.6.9p19 do not properly interpret a system group
in the sudoers file during authorization decisions for a user who
belongs to that group, which might allow local users to leverage an
applicable sudoers file and gain root privileges by using a sudo
command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0034 to this issue.
Please see http://kb.vmware.com/kb/1011781 for more details
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product
Product Version
Running on
Replace with/ Apply Patch
VMware Product VirtualCenter
Product Version any
Running on Windows
Replace with/ Apply Patch not affected
VMware Product hosted *
Product Version any
Running on any
Replace with/ Apply Patch not affected
VMware Product ESXi
Product Version any
Running on ESXi
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 4.0
Running on ESX
Replace with/ Apply Patch ESX400-200906411-SG
VMware Product ESX
Product Version 3.5
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.3
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.2
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 2.5.5
Running on ESX
Replace with/ Apply Patch not affected



* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. Service Console package curl

Service Console package for curl has been updated to version
curl-7.15.5-2.1. This fixes the following issue: The redirect
implementation in curl and libcurl 5.11 through 7.19.3, when
CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location
values, which might allow remote HTTP servers to trigger arbitrary
requests to intranet servers, read or overwrite arbitrary files by
using a redirect to a file: URL, or execute arbitrary commands by
using a redirect to an scp: URL.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0037 to this issue.
Please see http://kb.vmware.com/kb/1011782 for details
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product
Product Version
Running on
Replace with/ Apply Patch
VMware Product VirtualCenter
Product Version any
Running on Windows
Replace with/ Apply Patch not affected
VMware Product hosted *
Product Version any
Running on any
Replace with/ Apply Patch not affected
VMware Product ESXi
Product Version any
Running on ESXi
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 4.0
Running on ESX
Replace with/ Apply Patch ESX400-200906407-SG
VMware Product ESX
Product Version 3.5
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.3
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 3.0.2
Running on ESX
Replace with/ Apply Patch not affected
VMware Product ESX
Product Version 2.5.5
Running on ESX
Replace with/ Apply Patch not affected



* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution


Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX 4.0
-------
ESX400-200906001
http://tinyurl.com/ncfu5s
md5sum:cab549922f3429b236633c0e81351cde
sha1sum:aff76554ec5ee3c915eb4eac02e62c131163059a

Note: ESX400-200906001 contains the following security fixes
ESX400-200906411-SG, ESX400-200906406-SG, ESX400-200906405-SG,
ESX400-200906407-SG.

To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle ESX400-200906001.zip -b ESX400-200906411-SG \
-b ESX400-200906406-SG -b ESX400-200906405-SG -b \
ESX400-200906407-SG update

 
5. References


CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

 

6. Change log


2009-07-10 VMSA-2009-0008
Initial security advisory after release of bulletins for ESX 4.0 on
2009-07-10.

 
7. Contact


E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.