Sign up for Security
Advisories

Enter your email address:


VMSA-2008-0007.2

Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

VMware Security Advisory
Advisory ID: VMSA-2008-0007.2
Synopsis: Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
Issue date: 2008-04-15
Updated on: 2008-06-04
CVE numbers: CVE-2006-7228 CVE-2007-1660 CVE-2007-5846 CVE-2008-0003
1. Summary
Updated Service Console packages for pcre, net-snmp, and OpenPegasus
2. Relevant releases
VMware ESX 3.5 without patches ESX350-200803214-UG(pcre,net-snmp), ESX350-200803201-UG(OpenPegasus)

VMware ESX 3.0.2 without patches ESX-1004213(OpenPegasus), ESX-1004217(pcre), ESX-1004218(net-snmp)

VMware ESX 3.0.1 without patches ESX-1004184(OpenPegasus), ESX-1004187(pcre), ESX-1004188(net-snmp)

NOTES: ESX 3.0.1 is in Extended Support and its end of extended support (Security and Bug fixes) is 07/31/2008. Users should plan to upgrade to at least 3.0.2 update 1 and preferably the newest release available. ESX version 3.0.0 is no longer in Extended Support. Users should upgrade to a supported version of the product.
3. Problem description
a. Updated pcre Service Console package addresses several security issues
The pcre package contains the Perl-Compatible Regular Expression library.
pcre is used by various Service Console utilities.

Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application.

VMware would like to thank Ludwig Nussel for reporting these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

RPM Updated:
pcre-3.9-10.4.i386.rpm

VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

VMware ESX 3.0.2 patch ESX-1004217(pcre)
VMware ESX 3.0.1 patch ESX-1004187(pcre)
b. Updated net-snmp Service Console package addresses denial of service
net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall.

A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue.

RPM Updated:

net-snmp-5.0.9-2.30E.23.i386.rpm
net-snmp-libs-5.0.9-2.30E.23.i386.rpm
net-snmp-utils-5.0.9-2.30E.23.i386.rpm

VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

VMware ESX 3.0.2 patch ESX-1004218 (net-snmp)
VMware ESX 3.0.1 patch ESX-1004188 (net-snmp)
c. Updated OpenPegasus Service Console package fixes overflow condition
OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall.

A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.

RPMS updated:
cim-smwg-1.0-release-606113.i386.rpm
pegasus-2.5-release-606113.i386.rpm

VMware ESX 3.5 patch ESX350-200803201-UG(OpenPegasus)
VMware ESX 3.0.2 patch ESX-1004213(OpenPegasus)
VMware ESX 3.0.1 patch ESX-1004184(OpenPegasus)
4. Solution
Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

ESX 3.5 patch ESX350-200803214-UG
download3.vmware.com/software/esx/ESX350-200803214-UG.zip
md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060
kb.vmware.com/kb/1003721

RPMS updated with patch ESX350-200803214-UG
e2fsprogs-1.32-15.4.i386.rpm
net-snmp-5.0.9-2.30E.23.i386.rpm
net-snmp-libs-5.0.9-2.30E.23.i386.rpm
net-snmp-utils-5.0.9-2.30E.23.i386.rpm
pcre-3.9-10.4.i386.rpm
libxml2-2.5.10-8.i386.rpm
libxml2-python-2.5.10-8.i386.rpm

ESX 3.5 patch ESX350-200803201-UG
download3.vmware.com/software/esx/ESX350-200803201-UG.zip
md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
kb.vmware.com/kb/1003695

RPMS updated with ESX350-200803201-UG
cim-smwg-1.0-release-606113.i386.rpm
pegasus-2.5-release-606113.i386.rpm

VMware ESX 3.0.2 patch ESX-1004213 (OpenPegasus)
download3.vmware.com/software/vi/ESX-1004213.tgz
md5sum: cde300d8239ce5c9aac887957957eaa4
kb.vmware.com/kb/1004213

VMware ESX 3.0.1 patch ESX-1004184 (OpenPegasus)
download3.vmware.com/software/vi/ESX-1004184.tgz
md5sum: e96659cf283e1e2e141de58603af1bfc
kb.vmware.com/kb/1004184

VMware ESX 3.0.2 patch ESX-1004217 (pcre)
download3.vmware.com/software/vi/ESX-1004217.tgz
md5sum: 260b0316eaf9614e63632e9d9379cfee
kb.vmware.com/kb/1004217

VMware ESX 3.0.1 patch ESX-1004187 (pcre)
download3.vmware.com/software/vi/ESX-1004187.tgz
md5sum: 1890412a03c2bec66c42efd2548df4b1
kb.vmware.com/kb/1004187

VMware ESX 3.0.2 patch ESX-1004218 (net-snmp)
download3.vmware.com/software/vi/ESX-1004218.tgz
md5sum: e44b19ee7d94591af9b332931a4a01fd
kb.vmware.com/kb/1004218

VMware ESX 3.0.1 patch ESX-1004188 (net-snmp)
download3.vmware.com/software/vi/ESX-1004188.tgz
md5sum: de3e2f777494558b22ef192a0d6d7b59
kb.vmware.com/kb/1004188
6. Change log
2008-04-15 VMSA-2008-0007

Initial release

2008-05-02 VMSA-2008-0007.1

Added ESX 3.0.1, 3.0.2 for issue 3c. released 2008-05-01

2008-06-04 VMSA-2008-0007.2

Added ESX 3.0.1, 3.0.2 for issues 3a, 3b released 2008-06-03
7. Contact
E-mail list for product security notifications and announcements:

lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: kb.vmware.com/kb/1055

VMware Security Center
www.vmware.com/security

VMware security response policy
www.vmware.com/support/policies/security_response.html

General support life cycle policy
www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
www.vmware.com/support/policies/eos_vi.html