
T-637: VMSA-2011-0009 VMware hosted product updates, ESX patches and VI Client update resolve multiple

June 6, 2011 - 3:04pm


PROBLEM:

VMSA-2011-0009 VMware hosted product updates, ESX patches and VI Client update resolve multiple

PLATFORM:

Supported Platforms VMSA-2011-0009

ABSTRACT:

This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows-based Guest Operating Systems.

CVE-2011-2146, Mount.vmhgfs Information Disclosure: information disclosure via a vulnerability that allows an attacker with access to the Guest to determine whether a path exists in the Host filesystem and whether it is a file or directory, regardless of permissions.

CVE-2011-1787, Mount.vmhgfs Race Condition: privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory.

CVE-2011-2145, Mount.vmhgfs Privilege Escalation: privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems.

For more information on the associated CVEs listed below, use the provided links.

CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, and CVE-2011-2217

REFERENCE LINKS:

Security Advisories & Certifications - VMSA-2011-0009
VMware Workstation 7.1.4 - VMSA-2011-0009
VMware Fusion 3.1.3 - VMSA-2011-0009

IMPACT ASSESSMENT:

High

Discussion:

This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows-based Guest Operating Systems.

CVE numbers: CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, and CVE-2011-2217

Solution:

VMware Workstation 7.1.4
http://downloads.vmware.com/d/info/desktop_downloads/vmware_workstation/7_0
Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws714.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
VMware Workstation for Linux 32-bit with VMware Tools
VMware Workstation for Linux 64-bit with VMware Tools

VMware Fusion 3.1.3
http://downloads.vmware.com/d/info/desktop_downloads/vmware_fusion_for_t...
Release notes: http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_313....
VMware Fusion for Intel-based Macs

VMware Player 3.1.4
Download link: http://downloads.vmware.com/d/info/desktop_downloads/vmware_player/3_0
Release notes: https://www.vmware.com/support/player31/doc/releasenotes_player314.html
VMware Player 3.1.4 for 32-bit and 64-bit Windows
VMware Player 3.1.4 for 32-bit Linux
VMware Player 3.1.4 for 64-bit Linux

VMware ESXi 4.1
ESXi410-201104001
Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-276-20110420-...
http://kb.vmware.com/kb/1035111
ESXi410-201104001 contains ESXi410-201104402-BG

VMware ESX 4.1
ESXi410-201104001
Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-...
http://kb.vmware.com/kb/1035110

VMware ESXi 4.0
ESXi400-201104001
Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-278-20110424-...
http://kb.vmware.com/kb/1037261
Note: ESXi400-201104001 contains ESXi400-201104402-BG

VMware ESX 4.0
ESX400-201104001
Download link: https://hostupdate.vmware.com/software/VUM/OFFLINE/release-277-20110424-...
http://kb.vmware.com/kb/1037260
Note: ESX400-201104001 contains ESX400-201104401-SG

VMware ESXi 3.5
ESXe350-201105401-O-SG
Download link: http://download3.vmware.com/software/vi/ESXe350-201105401-O-SG.zip
http://kb.vmware.com/kb/1036403
Note: ESXe350-201105401-O-SG contains the following security fixes: ESXe350-201105402-T-SG and ESXe350-201105401-I-SG

VMware ESX 3.5
ESX350-201105401-SG
Download link: http://download3.vmware.com/software/vi/ESX350-201105401-SG.zip
http://kb.vmware.com/kb/1036399

Download link: http://download3.vmware.com/software/vi/ESX350-201105404-SG.zip
http://kb.vmware.com/kb/1036402

ESX350-201105406-SG
Download link: http://download3.vmware.com/software/vi/ESX350-201105406-SG.zip
http://kb.vmware.com/kb/1036754
 
