SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   VMware ESX Server Vendors:   VMware, Inc.
(VMware Issues Fix for ESX) Linux Kernel compat_alloc_user_space() Stack Pointer Error Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1024799
SecurityTracker URL:  http://securitytracker.com/id/1024799
CVE Reference:   CVE-2010-3081   (Links to External Site)
Updated:  Jan 5 2011
Original Entry Date:  Nov 30 2010
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX 4.0, 4.1
Description:   A vulnerability was reported in the Linux Kernel. A local user can obtain root privileges on the target system. VMware ESX is affected.

A local user can exploit a flaw in the compat_alloc_user_space() function to trigger a stack pointer error and execute arbitrary commands on the target system with root privileges.

Ben Hawkes disclosed this vulnerability.
Impact:   A local user can obtain root privileges on the target system.
Solution:   VMware has issued a fix (patches ESX400-201101401-SG and ESX410-201011001).

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2010-0017.html
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Sep 21 2010 Linux Kernel compat_alloc_user_space() Stack Pointer Error Lets Local Users Gain Root Privileges


 Source Message Contents
Date:  Mon, 29 Nov 2010 22:34:15 -0800
Subject:  [Security-announce] VMSA-2010-0017 VMware ESX third party update for Service Console kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2010-0017
Synopsis:          VMware ESX third party update for Service Console
                   kernel
Issue date:        2010-11-29
Updated on:        2010-11-29 (initial release of advisory)
CVE numbers:       CVE-2010-3081
- ------------------------------------------------------------------------

1. Summary

   ESX Service Console OS (COS) kernel update.

2. Relevant releases

   VMware ESX 4.1 without patch ESX410-201011001

3. Problem Description

 a. Service Console OS update for COS kernel package.

    This patch updates the Service Console kernel to fix a stack
    pointer underflow issue in the 32-bit compatibility layer.

    Exploitation of this issue could allow a local user to gain
    additional privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3081 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201011402-SG
    ESX            4.0       ESX      patch pending
    ESX            3.x       ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   ESX 4.1
   -------
   ESX410-201011001
   Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-253-20101122-763
417/ESX410-201011001.zip
   md5sum: e73fd3302529c1d85d9cc47457dfb963
   sha1sum: c0e0eac907c04105791ac44e288e7d8076dc14e0
   http://kb.vmware.com/kb/1029400

   ESX410-201011001 contains the following security bulletins:
   ESX410-201011402-SG (COS kernel) | http://kb.vmware.com/kb/1029397

   ESX410-201011001 also contains the following non-security bulletins
   ESX410-201011401-BG

   To install an individual bulletin use esxupdate with the -b option.

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

- ------------------------------------------------------------------------

6. Change log

2010-11-29  VMSA-2010-0017
Initial security advisory after release of patches for ESX 4.1
on 2010-11-29

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFM9JrWS2KysvBH1xkRAk8zAJoDeU4q4Sm/wB3etTjc39T6M5yqkACeLayU
6pMjsxCq7bzY6LbVyXbn4f0=
=HLLL
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC