VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus Apr 16 2008 01:23AM
VMware Security team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
~ VMware Security Advisory

Advisory ID: VMSA-2008-0007
Synopsis: Moderate Updated Service Console packages pcre
~ net-snmp, and OpenPegasus
Issue date: 2008-04-15
Updated on: 2008-04-15 (initial release of advisory)
CVE numbers: CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
~ CVE-2008-0003
- -------------------------------------------------------------------

1. Summary:

~ Updated Service Console packages for pcre, net-snmp, and OpenPegasus

2. Relevant releases:

~ VMware ESX 3.5 without patch ESX350-200803214-UG

3. Problem description:

~ a. Updated pcre Service Console package addresses several security issues

~ The pcre package contains the Perl-Compatible Regular Expression library.
~ pcre is used by various Service Console utilities.

~ Several security issues were discovered in the way PCRE handles
~ regular expressions. If an application linked against PCRE parsed a
~ malicious regular expression, it may have been possible to run
~ arbitrary code as the user running the application.

~ VMware would like to thank Ludwig Nussel for reporting these issues.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

~ RPM Updated:
~ pcre-3.9-10.4.i386.rpm

~ b. Updated net-snmp Service Console package addresses denial of service

~ net-snmp is an implementation of the Simple Network Management
~ Protocol (SNMP). SNMP is used by network management systems to
~ monitor hosts. By default ESX has this service enabled and its ports
~ open on the ESX firewall.

~ A flaw was discovered in the way net-snmp handled certain requests. A
~ remote attacker who can connect to the snmpd UDP port could send a
~ malicious packet causing snmpd to crash, resulting in a denial of
~ service.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the name CVE-2007-5846 to this issue.

~ RPM Updated:
~ net-snmp-5.0.9-2.30E.23.i386.rpm
~ net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~ net-snmp-utils-5.0.9-2.30E.23.i386.rpm

~ c. Updated OpenPegasus Service Console package fixes overflow condition

~ OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
~ Management (WBEM) broker. These protocols are used by network management
~ systems to monitor and control hosts. By default ESX has this service
~ enabled and its ports open on the ESX firewall.

~ A flaw was discovered in the OpenPegasus CIM management server that
~ might allow remote attackers to execute arbitrary code. OpenPegasus
~ when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
~ defined, has a stack-based buffer overflow condition.

~ The Common Vulnerabilities and Exposures project (cve.mitre.org) has
~ assigned the name CVE-2008-0003 to this issue.

~ RPMS updated:
~ cim-smwg-1.0-release-606113.i386.rpm
~ pegasus-2.5-release-606113.i386.rpm

4. Solution:

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

~ ESX 3.5 patch ESX350-200803214-UG
~ http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
~ md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060
~ http://kb.vmware.com/kb/1003721

~ RPMS updated with patch ESX350-200803214-UG
~ e2fsprogs-1.32-15.4.i386.rpm
~ net-snmp-5.0.9-2.30E.23.i386.rpm
~ net-snmp-libs-5.0.9-2.30E.23.i386.rpm
~ net-snmp-utils-5.0.9-2.30E.23.i386.rpm
~ pcre-3.9-10.4.i386.rpm
~ libxml2-2.5.10-8.i386.rpm
~ libxml2-python-2.5.10-8.i386.rpm

~ ESX 3.5 patch ESX350-200803201-UG
~ http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip
~ md5sum: 55dee9f4e256b996229ff0c9a5f0f72c
~ http://kb.vmware.com/kb/1003695

~ RPMS updated with ESX350-200803201-UG
~ cim-smwg-1.0-release-606113.i386.rpm
~ pegasus-2.5-release-606113.i386.rpm

5. References:

~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003

6. Change log

2008-04-15 VMSA-2008-0007 Initial release

- -------------------------------------------------------------------
7. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~ * security-announce (at) lists.vmware (dot) com [email concealed]
~ * bugtraq (at) securityfocus (dot) com [email concealed]
~ * full-disclosure (at) lists.grok.org (dot) uk [email concealed]

E-mail: security (at) vmware (dot) com [email concealed]
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIBVTyS2KysvBH1xkRCMNGAJ9kdOVbJNb9cK7hoyXpPbkSXgqvnwCfaXGz
bNkhUejzelQIDSGqZkUDgWY=
=jhJt
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus