SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware ESXi Vendors:   VMware
(VMware Issues Fix) OpenLDAP Bugs in slap_mods_free() and IA5StringNormalize() Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024933
SecurityTracker URL:  http://securitytracker.com/id/1024933
CVE Reference:   CVE-2010-0211, CVE-2010-0212   (Links to External Site)
Date:  Jan 5 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX 4.0, 4.1
Description:   Two vulnerabilities were reported in OpenLDAP. A remote user can execute arbitrary code on the target system. VMware ESX is affected.

A remote user can send specially crafted data to cause an invalid pointer to be freed, potentially executing arbitrary code on the target system [CVE-2010-0211]. The vulnerability resides in the slap_modrdn2mods() function in 'modrdn.c'.

A remote user can send specially crafted data to trigger a null pointer dereference and potentially execute arbitrary code on the target system [CVE-2010-0212]. The vulnerability resides in the IA5StringNormalize() function in 'schema_init.c'.

Ilkka Mattila and Tuomas Salom.ki using the Codenomicon LDAPv3 test suite reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   VMware has issued a fix for VMware ESX:

ESX 4.0: ESX400-201101402-SG

A patch is pending for ESX 4.1.

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Jul 20 2010 OpenLDAP Bugs in slap_mods_free() and IA5StringNormalize() Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Security-announce] VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0001
Synopsis:          VMware ESX third party updates for Service Console
                   packages glibc, sudo, and openldap
Issue date:        2011-01-04
Updated on:        2011-01-04 (initial release of advisory)
CVE numbers:       CVE-2010-3847 CVE-2010-385 CVE-2010-2956
                   CVE-2010-0211 CVE-2010-0212
- ------------------------------------------------------------------------

1. Summary

   ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and
   openldap packages.

2. Relevant releases

   VMware ESX 4.0 without patches ESX400-201101405-SG,
   ESX400-201101404-SG, ESX400-201101402-SG

3. Problem Description

 a. Service Console update for glibc

    The service console packages glibc, glibc-common, and nscd are each
    updated to version 2.5-34.4908.vmw.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues
    addressed in this update.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.  

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not applicable

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      ESX400-201101405-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

  * Hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 b. Service Console update for sudo

    The service console package sudo is updated to version
    1.7.2p1-8.el5_5.
   
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-2956 to the issue addressed in this
    update.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.  

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      ESX400-201101404-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 c. Service Console update for openldap

    The service console package openldap is updated to version
    2.3.43-12.el5_5.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues
    addressed in this update.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      ESX400-201101402-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   ESX 4.0
   -------
   ESX400-201101001
   Download link:
 
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-257-20101231-664
659/ESX400-201101001.zip
   md5sum: f1d522b380692e0845eb0dda480ab890
   sha1sum: 906989af3ddacc41321d685c4afe0d740856f9d5
   http://kb.vmware.com/kb/1029426

   ESX400-201101001 contains the following security bulletins:
      ESX400-201101401-SG (COS kernel) | http://kb.vmware.com/kb/1029424
      ESX400-201101405-SG (glibc)      | http://kb.vmware.com/kb/1029881
      ESX400-201101404-SG (sudo)       | http://kb.vmware.com/kb/1029421
      ESX400-201101402-SG (openldap)   | http://kb.vmware.com/kb/1029423

   ESX400-201101401-SG is documented in VMSA-2010-0017.1.
 
   To install an individual bulletin use esxupdate with the -b option.

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212

- ------------------------------------------------------------------------

6. Change log

2011-01-04  VMSA-2011-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.0 on 2011-01-04

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNJBExS2KysvBH1xkRArZsAJ904fRME9Y4mZFtxfv6yXyVOphzQwCfXjvj
j80XhpPAthN115FQDGCpZ+M=
=jhow
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC