VMSA-2009-0001.1

ESX patches address an issue loading corrupt virtual disks and update Service Console packages

VMware Security Advisory
 
VMware Security Advisory Advisory ID:
  VMSA-2009-0001.1
VMware Security Advisory Synopsis:
  ESX patches address an issue loading corrupt virtual disks and update Service Console packages
VMware Security Advisory Issue date:
  2009-01-30
VMware Security Advisory Updated on:
  2009-02-26
VMware Security Advisory CVE numbers:
  CVE-2008-4914 CVE-2008-4309 CVE-2008-4226 CVE-2008-4225
1. Summary

Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.

2. Relevant Releases

VMware ESXi 3.5 without patch ESXe350-200901401-I-SG
     
VMware ESX 3.5 without patches  ESX350-200901401-SG,
ESX350-200901409-SG,
ESX350-200901410-SG
     
VMware ESX 3.0.3 without patches ESX303-200901405-SG,
ESX303-200901406-SG
     
VMware ESX 3.0.2 without patches ESX-1007673,
 ESX-1007674
     
VMware ESX 2.5.5 before patch 12
     
NOTE: Extended support for ESX 3.5 Update 1 ends on 7/25/2009, users should plan to upgrade to at least ESX 3.5 Update 2 by that time.

Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.

Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.

3. Problem Description

a. Loading a corrupt delta disk may cause ESX to crash
If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts.

A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator.

VMware would like to thank Craig Marshall for reporting this issue.

The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2008-4914 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware Product =============
Product Version =======
Running on =======
Replace with/ Apply Patch =================
VMware Product ============= VirtualCente
Product Version ======= any
Running on ======= Windows
Replace with/ Apply Patch ================= not affected
VMware Product ============= hosted*
Product Version ======= any
Running on ======= any
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESXi
Product Version ======= 3.5
Running on ======= ESXi
Replace with/ Apply Patch ================= ESXe350-200901401-I-SG
VMware Product ============= ESX
Product Version ======= 3.5
Running on ======= ESX
Replace with/ Apply Patch ================= ESX350-200901401-SG
VMware Product ============= ESX
Product Version ======= 3.0.3
Running on ======= ESX
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESX
Product Version ======= 3.0.2
Running on ======= ESX
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESX
Product Version ======= 2.5.5
Running on ======= ESX
Replace with/ Apply Patch ================= not affected


* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Updated Service Console package net-snmp
Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts.

A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash.

The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2008-4309 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware Product =============
Product Version =======
Running on =======
Replace with/ Apply Patch =================
VMware Product ============= VirtualCenter
Product Version ======= any
Running on ======= Windows
Replace with/ Apply Patch ================= not affected
VMware Product ============= hosted *
Product Version ======= any
Running on ======= any
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESXi
Product Version ======= 3.5
Running on ======= ESXi
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESX
Product Version ======= 3.5
Running on ======= ESX
Replace with/ Apply Patch ================= ESX350-200901409-SG
VMware Product ============= ESX
Product Version ======= 3.0.3
Running on ======= ESX
Replace with/ Apply Patch ================= ESX303-200901405-SG
VMware Product ============= ESX
Product Version ======= 3.0.2
Running on ======= ESX
Replace with/ Apply Patch ================= ESX-1007673
VMware Product ============= ESX
Product Version ======= 2.5.5
Running on ======= ESX
Replace with/ Apply Patch ================= not affected


* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. Updated Service Console package libxml2
An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code.

The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2008-4226 to this issue.

A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop.

The Common Vulnerabilities and Exposures Project ( cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware Product =============
Product Version =======
Running on =======
Replace with/ Apply Patch =================
VMware Product ============= VirtualCenter
Product Version ======= any
Running on ======= Windows
Replace with/ Apply Patch ================= not affected
VMware Product ============= hosted *
Product Version ======= any
Running on ======= any
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESXi
Product Version ======= 3.5
Running on ======= ESXi
Replace with/ Apply Patch ================= not affected
VMware Product ============= ESX
Product Version ======= 3.5
Running on ======= ESX
Replace with/ Apply Patch ================= ESX350-200901410-SG
VMware Product ============= ESX
Product Version ======= 3.0.3
Running on ======= ESX
Replace with/ Apply Patch ================= ESX303-200901406-SG
VMware Product ============= ESX
Product Version ======= 3.0.2
Running on ======= ESX
Replace with/ Apply Patch ================= ESX-1007674
VMware Product ============= ESX
Product Version ======= 2.5.5
Running on ======= ESX
Replace with/ Apply Patch ================= Upgrade Patch 12


* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESXi
---------------------------
ESXi 3.5 patch ESXe350-200901401-I-SG
Download link:
http://download3.vmware.com/software/vi/ESXe350-200901401-O-SG.zip
md5sum: 588dc7bfdee4e4c5ac626906c37fc784
http://kb.vmware.com/kb/1006661
NOTE: The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.

ESX
---------------------------
ESX 3.5 patch ESX350-200901401-SG (VMDK)
Download link:
http://download3.vmware.com/software/vi/ESX350-200901401-SG.zip
md5sum: 2769ac30078656b01ca1e2fdfa3230e9
http://kb.vmware.com/kb/1006651

ESX 3.5 patch ESX350-200901409-SG (net-snmp)
Download link:
http://download3.vmware.com/software/vi/ESX350-200901409-SG.zip
md5sum: 2c75cd848d9f3c51619b9a7bd60d20a3
http://kb.vmware.com/kb/1006659

ESX 3.5 patch ESX350-200901410-SG (libxml2)
Download link:
http://download3.vmware.com/software/vi/ESX350-200901410-SG.zip
md5sum: 061f96373244e7eab3f0d5fe2415ce91
http://kb.vmware.com/kb/1006660

ESX 3.0.3 patch ESX303-200901405-SG (net-snmp)
Download link:
http://download3.vmware.com/software/vi/ESX303-200901405-SG.zip
md5sum: 9983b63a1e2dc7fb3d80f0021c1c347c
http://kb.vmware.com/kb/1007681

ESX 3.0.3 patch ESX303-200901406-SG (libxml2)
Download link:
http://download3.vmware.com/software/vi/ESX303-200901406-SG.zip
md5sum: 2d5a827ccaf406a54dd3a5affee39db0
http://kb.vmware.com/kb/1007682

ESX 3.0.2 patch ESX-1007673 (net-snmp)
Download link:
http://download3.vmware.com/software/vi/ESX-1007673.tgz
md5sum: af4a36d2b4d731177210c789df844974
http://kb.vmware.com/kb/1007673

ESX 3.0.2 patch ESX-1007674 (libxml2)
Download link:
http://download3.vmware.com/software/vi/ESX-1007674.tgz
md5sum: fb4b5e9a03dea5b9e24cc0766ddd2581
http://kb.vmware.com/kb/1007674

ESX 2.5.5 Upgrade Patch 12 Build 142709
Download link:
www.vmware.com/support/esx25/doc/esx-255-142709-patch.html
http://download3.vmware.com/software/esx/esx-2.5.5-142709-upgrade.tar.gz
md5sum: 2a0bd5cc3591b1f6b04616fa2c97f78c

6. Change log

2009-01-30 VMSA-2009-0001 Initial security advisory after release of patches for ESXi, ESX 3.5, ESX 3.0.3, ESX 3.0.2.

2009-02-26 VMSA-2009-0001.1 Updated ESX 2.5.5 libxml2 information after release of update patch 12 on 2009-02-26

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at:
http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.

 

Sign up for Security Advisories

Enter your email address: