BugTraq
VMSA-2009-0008 ESX Service Console update for krb5 Jul 01 2009 07:10AM
VMware Security Team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2009-0008
Synopsis: ESX Service Console update for krb5
Issue date: 2009-06-30
Updated on: 2009-06-30 (initial release of advisory)
CVE numbers: CVE-2009-0846
- ------------------------------------------------------------------------

1. Summary

Service Console package krb5 has been updated to version
krb5-1.2.7-70.

2. Relevant releases

VMware ESX 3.5.0 without patch ESX350-200906407-SG

3. Problem Description

a. Service Console package krb5 update to version krb5-1.2.7-70

Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography.

An input validation flaw in the asn1_decode_generaltime function in
MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a
denial of service or possibly execute arbitrary code via vectors
involving an invalid DER encoding that triggers a free of an
uninitialized pointer.

A remote attacker could use this flaw to crash a network service
using the MIT Kerberos library, such as kadmind or krb5kdc, by
causing it to dereference or free an uninitialized pointer or,
possibly, execute arbitrary code with the privileges of the user
running the service.

NOTE: ESX by default is unaffected by this issue, the daemons
kadmind and krb5kdc are not installed in ESX.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0846 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi 3.5 ESXi not affected

ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-200906407-SG
ESX 3.0.3 ESX affected, patch pending
ESX 3.0.2 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX
---
ESX 3.5.0 ESX350-200906407-SG
http://download3.vmware.com/software/vi/ESX350-200906407-SG.zip
md5sum: 6b8079430b0958abbf77e944a677ac6b
http://kb.vmware.com/kb/1011801

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846

- ------------------------------------------------------------------------

6. Change log

2009-06-30 VMSA-2009-0008
Initial security advisory after release of patches for ESX 3.5 on
2009-06-30.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2009 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFKSwuTS2KysvBH1xkRAoUdAJ9p880DOAAa1Eey+EhEYJKQwuHLtgCfVBku
2uDpvVwMPaKZA6dcNPJxENc=
=GMve
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus