VMSA-2009-0008 ESX Service Console update for krb5 Jul 01 2009 07:10AM
VMware Security Team (security vmware com)
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2009-0008
Synopsis: ESX Service Console update for krb5
Issue date: 2009-06-30
Updated on: 2009-06-30 (initial release of advisory)
CVE numbers: CVE-2009-0846
- ------------------------------------------------------------------------

1. Summary

Service Console package krb5 has been updated to version

2. Relevant releases

VMware ESX 3.5.0 without patch ESX350-200906407-SG

3. Problem Description

a. Service Console package krb5 update to version krb5-1.2.7-70

Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography.

An input validation flaw in the asn1_decode_generaltime function in
MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a
denial of service or possibly execute arbitrary code via vectors
involving an invalid DER encoding that triggers a free of an
uninitialized pointer.

A remote attacker could use this flaw to crash a network service
using the MIT Kerberos library, such as kadmind or krb5kdc, by
causing it to dereference or free an uninitialized pointer or,
possibly, execute arbitrary code with the privileges of the user
running the service.

NOTE: ESX by default is unaffected by this issue, the daemons
kadmind and krb5kdc are not installed in ESX.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0846 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi 3.5 ESXi not affected

ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-200906407-SG
ESX 3.0.3 ESX affected, patch pending
ESX 3.0.2 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX 3.5.0 ESX350-200906407-SG
md5sum: 6b8079430b0958abbf77e944a677ac6b

5. References

CVE numbers

- ------------------------------------------------------------------------

6. Change log

2009-06-30 VMSA-2009-0008
Initial security advisory after release of patches for ESX 3.5 on

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center

VMware security response policy

General support life cycle policy

VMware Infrastructure support life cycle policy

Copyright 2009 VMware Inc. All rights reserved.

Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus