Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18820
HistoryJan 08, 2008 - 12:00 a.m.

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

2008-01-0800:00:00
vulners.com
34
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

               VMware Security Advisory

Advisory ID: VMSA-2008-0001
Synopsis: Moderate OpenPegasus PAM Authentication Buffer
Overflow and updated service console packages
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572
CVE-2007-5191 CVE-2007-5116 CVE-2007-3108
CVE-2007-5135

  1. Summary:

Updated service console patches

  1. Relevant releases:

ESX Server 3.0.2 without patches ESX-1002969, ESX-1002970, ESX-1002971,
ESX-1002975, ESX-1002976
ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964,
ESX-1002968, ESX-1002972, ESX-1003176

  1. Problem description:

I OpenPegasus PAM Authentication Buffer Overflow

Alexander Sotirov from VMware Security Research discovered a
buffer overflow vulnerability in the OpenPegasus Management server.
This flaw could be exploited by a malicious remote user on the
service console network to gain root access to the service console.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5360 to this issue.

RPM Updated: pegasus-2.5-552927
VM Shutdown: No
Host Reboot: No

Note: ESX Server 3.5 and ESX Server 3i are not affected by this
issue.

ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002970.tgz
md5sum: d19115e965d486e72100ce489efea707
http://kb.vmware.com/kb/1002970

ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1003176.tgz
md5sum: 5674ca0dcfac90726014cc316444996e
http://kb.vmware.com/kb/1003176

ESX Server 2.5.x

Users should remove the OpenPegasus CIM Management rpm. This
component is disabled by default, and VMware recommends that you
do not use this component of ESX Server 2.x. If you want to
use the CIM functionality, upgrade to ESX Server 3.0.1 or a later
release.

Note: This vulnerability can be exploited remotely only if the
attacker has access to the service console network.

     Security best practices provided by VMware recommend that the
     service console be isolated from the VM network. Please see
     http://www.vmware.com/resources/techresources/726 for more
     information on VMware security best practices.

II Service Console package security updates

a. Updated Samba package

    An issue where attackers on the service console management
    network can cause a stack-based buffer overflow in the
    reply_netbios_packet function of nmbd in Samba. On systems
    where Samba is being used as a WINS server, exploiting this
    vulnerability can allow remote attackers to execute arbitrary
    code via crafted WINS Name Registration requests followed by a
    WINS Name Query request.

    An issue where attackers on the service console management
    network can exploit a vulnerability that occurs when Samba is
    configured as a Primary or Backup Domain controller. The
    vulnerability allows remote attackers to have an unknown impact
    via crafted GETDC mailslot requests, related to handling of
    GETDC logon server requests.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5398 and CVE-2007-4572 to these
    issues.

Note: By default Samba is not configured as a WINS server or a domain
controller and ESX is not vulnerable unless the administrator
has changed the default configuration.

    This vulnerability can be exploited remotely only if the
    attacker has access to the service console network.

    Security best practices provided by VMware recommend that the
    service console be isolated from the VM network. Please see
    http://www.vmware.com/resources/techresources/726 for more
    information on VMware security best practices.

    RPM Updated:
    samba-3.0.9-1.3E.14.1vmw
    samba-client-3.0.9-1.3E.14.1vmw
    samba-common-3.0.9-1.3E.14.1vmw

    VM Shutdown: Yes
    Host Reboot: Yes

    ESX Server 3.5.0 is not affected by this issue

    ESX Server 3.0.2
    http://download3.vmware.com/software/vi/ESX-1002975.tgz
    md5sum: 797a7494c2c4eb49629d3f94818df5dd
    http://kb.vmware.com/kb/1002975

    ESX Server 3.0.1
    http://download3.vmware.com/software/vi/ESX-1002968.tgz
    md5sum: 5106d90afaf77c3a0d8433487f937d06
    http://kb.vmware.com/kb/1002968

    ESX Server 2.5.5 download Upgrade Patch 3
    ESX Server 2.5.4 download Upgrade Patch 14

b. Updated util-linux package

    The patch addresses an issue where the mount and umount
    utilities in util-linux call the setuid and setgid functions in
    the wrong order and do not check the return values, which could
    allow attackers to gain elevated privileges via helper
    application such as mount.nfs.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-5191 to this issue.

    RPM Updated:
    util-linux-2.11y-31.24vmw
    losetup-2.11y-31.24vmw
    mount -2.11y-31.24vmw

    VM Shutdown: Yes
    Host Reboot: Yes

    ESX Server 3.0.2
    http://download3.vmware.com/software/vi/ESX-1002976.tgz
    md5sum: 0fe833c50c0ecb0ff9340d6674be2e43
    http://kb.vmware.com/kb/1002976

    ESX Server 3.0.1
    http://download3.vmware.com/software/vi/ESX-1002972.tgz
    md5sum: 59ca4a43f330c5f0b7a55693aa952cdc
    http://kb.vmware.com/kb/1002972

c. Updated Perl package

    The update addresses an issue where the regular expression
    engine in Perl can be used to issue a specially crafted regular
    expression that allows the attacker to run arbitrary code with
    the permissions level of the current Perl user.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-5116 to this issue.

    RPM Updated:
    perl-5.8.0-97.EL3

    VM Shutdown: Yes
    Host Reboot: Yes

    ESX Server 3.0.2
    http://download3.vmware.com/software/vi/ESX-1002971.tgz
    md5sum: 337b09d9ae4b1694a045e216b69765e1
    http://kb.vmware.com/kb/1002971

    ESX Server 3.0.1
    http://download3.vmware.com/software/vi/ESX-1002964.tgz
    md5sum: d47e26104bfd5e4018ae645638c94487
    http://kb.vmware.com/kb/1002964

d. Updated OpenSSL package

    A flaw in the SSL_get_shared_ciphers() function can allow an
    attacker to cause a buffer overflow problem by sending ciphers

    to applications that use the function.

    A possible vulnerability that would allow a local attacker to
    obtain private RSA keys being used on a system using the OpenSSL
    package.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-3108, and CVE-2007-5135 to these
    issues.

    RPM Updated:
    openssl-0.9.7a-33.24

    VM Shutdown: Yes
    Host Reboot: Yes

    ESX Server 3.0.2
    http://download3.vmware.com/software/vi/ESX-1002969.tgz
    md5sum: 72fd28a9f9380158db149259fbdcaa3b
    http://kb.vmware.com/kb/1002969

    ESX Server 3.0.1
    http://download3.vmware.com/software/vi/ESX-1002962.tgz
    md5sum: a0727bdc2e1a6f00d5fe77430a6ee9d6
    http://kb.vmware.com/kb/1002962

    ESX Server 2.5.5 download Upgrade Patch 3
    ESX Server 2.5.4 download Upgrade Patch 14
  1. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

ESX Server 3.x Patches:
http://www.vmware.com/download/vi/vi3_patches.html

ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html

ESX Server 2.5.5 Upgrade Patch 3
http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz
md5sum: 9068250fdd604e8787ef40995a4638f9
http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html

ESX Server 2.5.4 Upgrade Patch 14
http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz
md5sum: 24990b9207f882ccc91545b6fc90273d
http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html

  1. References:

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

  1. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

E-mail: [email protected]

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHgtXJS2KysvBH1xkRCPnYAJoDMpdOmgs4e+JQ610SCjnKF99wpgCfcVO3
UCcAvs574f1LCZv+8lPQvrk=
=Hzno
-----END PGP SIGNATURE-----

Related

vmware 2
nessus 62
redhat 8
openvas 52
debian 6
fedora 10
osv 5
gentoo 4
centos 9
ubuntu 4
suse 1
securityvulns 10
slackware 1
oraclelinux 7
freebsd 1
prion 4
cve 1
veracode 1
debiancve 3
d2 2
ubuntucve 2
f5 2
seebug 1
checkpoint_security 1
vmware
vmware
Updated service console patches.
2008-01-07 00:00:00
Updated service console patches.
2008-01-07 00:00:00
nessus
nessus
VMSA-2008-0001 : Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
2009-07-27 00:00:00
Scientific Linux Security Update : openssl on SL4.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 : openssl (CESA-2007:0813)
2007-10-25 00:00:00
redhat
redhat
(RHSA-2007:0813) Moderate: openssl security update
2007-10-22 00:00:00
(RHSA-2007:1013) Critical: samba security update
2007-11-15 00:00:00
(RHSA-2007:1003) Moderate: openssl security and bug fix update
2007-11-15 00:00:00
openvas
openvas
Ubuntu Update for samba regression USN-544-2
2009-03-23 00:00:00
Mandriva Update for samba MDKSA-2007:224 (samba)
2009-04-09 00:00:00
Fedora Update for samba FEDORA-2007-3402
2009-02-27 00:00:00
debian
debian
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities
2007-11-22 20:51:40
[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities
2007-11-29 14:28:19
[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities
2007-11-26 14:53:41
fedora
fedora
[SECURITY] Fedora 7 Update: samba-3.0.27-0.fc7
2007-11-16 00:36:50
[SECURITY] Fedora 8 Update: samba-3.0.27-0.fc8
2007-11-16 14:39:42
[SECURITY] Fedora Core 6 Update: samba-3.0.24-8.fc6
2007-11-21 23:01:25
osv
osv
samba - several vulnerabilities (update)
2007-11-29 00:00:00
samba - several vulnerabilities
2007-11-29 00:00:00
samba - several vulnerabilities
2007-11-29 00:00:00
gentoo
gentoo
Samba: Execution of arbitrary code
2007-11-20 00:00:00
OpenSSL: Multiple vulnerabilities
2007-10-07 00:00:00
util-linux: Local privilege escalation
2007-10-18 00:00:00
centos
centos
samba security update
2007-11-15 19:31:12
samba security update
2007-11-15 23:26:10
openssl security update
2007-10-22 12:29:21
ubuntu
ubuntu
Samba regression
2007-11-16 00:00:00
Samba vulnerabilities
2007-11-16 00:00:00
openssl vulnerabilities
2007-09-28 00:00:00
suse
suse
remote code execution in samba
2007-12-05 16:05:59
securityvulns
securityvulns
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability
2007-11-16 00:00:00
Samba multiple security vulnerabilities
2007-11-16 00:00:00
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error
2008-01-06 00:00:00
slackware
slackware
[slackware-security] samba
2007-11-17 01:28:32
oraclelinux
oraclelinux
Critical: samba security update
2007-11-16 00:00:00
Moderate: openssl security update
2007-10-22 00:00:00
openssl security and bug fix update
2007-11-27 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2007-11-15 00:00:00
prion
prion
Design/Logic Flaw
2007-10-04 16:17:00
Design/Logic Flaw
2007-08-08 01:17:00
Buffer overflow
2007-11-07 23:46:00
cve
cve
CVE-2007-5191
2007-10-04 16:17:00
veracode
veracode
Privilege Escalation
2020-04-10 00:18:03
debiancve
debiancve
CVE-2007-5191
2007-10-04 16:17:00
CVE-2007-5116
2007-11-07 23:46:00
CVE-2007-4572
2007-11-16 18:46:00
d2
d2
DSquare Exploit Pack: D2SEC_VMWARE_PEGASUS
2008-01-08 20:46:00
DSquare Exploit Pack: D2SEC_VMPEGASUS
2008-01-08 20:46:00
ubuntucve
ubuntucve
CVE-2007-5191
2007-10-04 00:00:00
CVE-2007-4572
2007-11-16 00:00:00
f5
f5
SOL17443 - Perl vulnerability CVE-2007-5116
2015-10-16 00:00:00
K17443 : Perl vulnerability CVE-2007-5116
2015-10-16 00:00:00
seebug
seebug
Perl Unicode正则表达式堆溢出漏洞
2007-11-08 00:00:00
checkpoint_security
checkpoint_security
OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2
2008-08-04 21:00:00
JSON
Related for SECURITYVULNS:DOC:18820
vmware2nessus62redhat8openvas52debian6fedora10osv5gentoo4centos9ubuntu4suse1securityvulns10slackware1oraclelinux7freebsd1prion4cve1veracode1debiancve3d22ubuntucve2f52seebug1checkpoint_security1