full-disclosure-uk July 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] VMSA-2008-00011 Updated ES

[Full-disclosure] VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

From: VMware Security team <security_at_nospam>
Date: Tue Jul 29 2008 - 01:22:48 GMT
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

  • ------------------------------------------------------------------- VMware Security Advisory
Advisory ID: VMSA-2008-00011 Synopsis: Updated ESX service console packages for Samba and vmnix Issue date: 2008-07-28 Updated on: 2008-07-28 (initial release of advisory) CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206 CVE-2008-0007 CVE-2008-1367 CVE-2008-1375 CVE-2008-1669 CVE-2006-4814 CVE-2008-1105 - -------------------------------------------------------------------
  1. Summary:

   Updated ESX packages address several security issues.

2. Relevant releases:

   VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and    ESX350-200806218-UG (samba)

3. Problem description:

I Service Console rpm updates

  1. Security Update to Service Console Kernel

   This fix upgrades service console kernel version to 2.4.21-57.EL.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,    CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and    CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not applicable hosted any any not applicable ESXi 3.5 ESXi not applicable ESX 3.5 ESX patch ESX350-200806201-UG ESX 3.0.2 ESX affected, no update planned ESX 3.0.1 ESX affected, no update planned ESX 2.5.5 ESX not applicable ESX 2.5.4 ESX not applicable

 b. Samba Security Update

   This fix upgrades the service console rpm samba to version    3.0.9-1.3E.15vmw

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2008-1105 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not applicable hosted any any not applicable ESXi 3.5 ESXi not applicable ESX 3.5 ESX patch ESX350-200806218-UG ESX 3.0.2 ESX affected, patch pending ESX 3.0.1 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending ESX 2.5.4 ESX affected, patch pending

4. Solution:

Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

   ESX 3.5 (Samba)
   http://download3.vmware.com/software/esx/ESX350-200806218-UG    md5sum: dfad21860ba24a6322b36041c0bc2a07    http://kb.vmware.com/kb/1005931

   ESX 3.5 (vmnix)
   http://download3.vmware.com/software/esx/ESX350-200806201-UG    md5sum: 2888192905a6763a069914fcd258d329    http://kb.vmware.com/kb/1005894

5. References:

  CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 - ------------------------------------------------------------------- 6. Change log:

2008-07-28 VMSA-2008-0011 Initial release

  • --------------------------------------------------------------------- 7. Contact:

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFIjnDeS2KysvBH1xkRCHW/AJdSYUVcCbNcmzKhta11Rr93caV1AJ47JuH6 Q6w8+D+ugeFo6fzlDc+pzQ==
=gr21
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/