TECHNICAL BULLETIN
TECHNICAL BULLETIN
| PROBLEM: | Multiple vulnerabilities in Vmware products |
| PLATFORM: | VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 2.0, VMware Server 1.0.8 and earlier, VMware Fusion 2.0.1 and earlier. VMware ESXi 3.5 without patch ESXe350-200904402-T-BG VMware ESX 3.5 without patch ESX350-200904401-BG VMware ESX 3.0.3 without patch ESX303-200905401-SG VMware ESX 3.0.2 without patch ESX-1008420 VMware ESX 2.5.5 without update patch 13 Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. |
| ABSTRACT: | Vmware suffers from two vulnerabilities that could cause a denial of service condition. A third vulnerability in memory handling could result in denial of service or in the execution of arbitrary code. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-150.shtml |
| OTHER LINKS: | Vmware http://www.vmware.com/security/advisories/VMSA-2009-0007.html |
| CVE: | CVE-2009-0040 CVE-2008-1382 CVE-2009-1805 |
| IMPACT ASSESSMENT | This risk is high. Successful exploit of the memory handling error could result in a condition where arbitrary code could be run with the privileges of the user running Vmware. |
[***** Start CVE-2009-1805 CVE-2009-0040 CVE-2008-1382 *****]
Discussion
VMware Descheduled Time Accounting driver vulnerability may cause a denial of service in Windows based virtual machines.
The VMware Descheduled Time Accounting Service is an optional, experimental service that provides improved guest operating
system accounting. This patch fixes a denial of service vulnerability that could be triggered in a virtual machine by an
unprivileged, locally logged-on user in the virtual machine.
CVE-2009-0040
A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error
conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the
application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CVE-2008-1382
A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an application linked against
libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.
Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your
downloaded file.
VMware Workstation 6.5.2
------------------------
http://www.vmware.com/download/ws/
Release notes:
http://www.vmware.com/support/ws65/doc/releasenotes_ws652.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
For Linux
Workstation for Linux 32-bit
Linux 32-bit .rpm
md5sum: 69b039c848f6b2c94948928d8e9057bb
sha1sum: 37ca77ef550db932cf7b078fcbd6fa0155e3411e
Workstation for Linux 32-bit
Linux 32-bit .bundle
md5sum: 5d4ccf9c23701d09a671f586a9bb4190
sha1sum: d508111adf479d82049c323b1d0b82200c0ab4dd
Workstation for Linux 64-bit
Linux 64-bit .rpm
md5sum: 19387416e3b597b901dfe84e4a2bcd97
sha1sum: 0726518abc9a77051d991af570774bae1625ff78
Workstation for Linux 64-bit
Linux 64-bit .bundle
md5sum: 56dfc3adcf96701f440b19a8cf06c3df
sha1sum: 04aa442a2b9bf2c67d6266a410b20ef146b93bef
VMware Player 2.5.2
-------------------
http://www.vmware.com/download/player/
Release notes:
http://www.vmware.com/support/player25/doc/releasenotes_player252.html
Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.2-156735.exe
md5sum: 01356d729e9b031c8904e9560a02c469
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i386.rpm
md5sum: aa047047b72de7f4b53d9c2128b53bec
Player for Linux (.tar)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i386.bundle
md5sum: bd51e8f8ef2417080c6d734f6ea9fb87
VMware Player 2.5.2 - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x86_64.rpm
md5sum: 5b488b97b5091d3980eb74ec0a5c065b
VMware Player 2.5.2 - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x86_64.bundle
md5sum: 25254cd60c4063c2c68a8bf50c2c4869
VMware ACE 2.5.2
----------------
http://www.vmware.com/download/ace/
Release notes:
http://www.vmware.com/support/ace25/doc/releasenotes_ace252.html
ACE Management Server Virtual Appliance
AMS Virtual Appliance .zip
md5sum: 430ff7792d9d490d1678fc22b4c62121
sha1sum: 98b74e0dba4214b055c95ccea656bfa2731c3fee
VMware ACE for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
ACE Management Server for Windows
Windows .exe
md5sum: 44918519a7bac2501b211c9825ed8268
sha1sum: 97655c824815f7c4e25f6940c708f835ab616da9
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: 7fcb0409474c7e81accc90f25d80b00e
sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 745e3115f8557fa04c2ddaf25320a911
sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
VMware Server 2.0.1
-------------------
http://www.vmware.com/download/server/
Release notes:
http://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html
For Windows
VMware Server 2
Version 2.0.1 | 156745 - 03/31/09
507 MB EXE image VMware Server 2 for Windows Operating Systems. A
master installer file containing all Windows components of VMware
Server.
md5sum: d0eefaa79e42d13a693c4d732a460ba4
VIX API 1.6 for Windows.
Version 1.6.2 | 156745 - 03/31/09 37 MB EXE image
md5sum: ad531ed3c37c0a50fb915981f83ca133
For Linux
VMware Server 2 for Linux Operating Systems.
Version 2.0.1 | 156745 - 03/31/09 465 MB RPM image
md5sum: eb42331bbd9be30848826b8cab73e0ca
VMware Server 2 for Linux Operating Systems.
Version 2.0.1 | 156745 - 03/31/09 466 MB TAR image
md5sum: be96bc1696f4cef67755bfd2553ce233
VMware Server 2 for Linux Operating Systems 64-bit version.
Version 2.0.1 | 156745 - 03/31/09 434 MB RPM image
md5sum: 697a792c70d50e98a347c06b323bd20b
The core application needed to run VMware Server 2, 64-bit version.
Version 2.0.1 | 156745 - 03/31/09 436 MB TAR image
md5sum: f40498229772910d6a6788b7803f9c38
VIX API 1.6 for Linux.
Version 1.6.2 | 156745 - 03/31/09 17 MB TAR image
md5sum: 2ef6174b90cdd9a2832b57dbe94cfbb1
64-bit VIX API 1.6 for Linux.
Version 1.6.2 | 156745 - 03/31/09 21 MB TAR image
md5sum: 454aeba273f9a89c578223c95b262323
VMware Server 1.0.9
-------------------
http://www.vmware.com/download/server/
Release notes:
http://www.vmware.com/support/server/doc/releasenotes_server.html
VMware Server for Windows 32-bit and 64-bit
http://download3.vmware.com/software/vmserver/VMware-server-installer-1.0.9-156507.exe
md5sum: 8c650f8a0a0521b69c6aba00d910cfb9
VMware Server Windows client package
http://download3.vmware.com/software/vmserver/VMware-server-win32-client-1.0.9-156507.zip
md5sum: c83e673f7422a4f3edaf7d9337cf5d6d
VMware Server for Linux
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.tar.gz
md5sum: ff4b57588514c83b1a828e3b19843ad2
VMware Server for Linux rpm
http://download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.i386.rpm
md5sum: c8fc9e9f948f2807b9f8bfb3ca318f36
Management Interface
http://download3.vmware.com/software/vmserver/VMware-mui-1.0.9-156507.tar.gz
md5sum: dbf99faef8bd26e173cf2514d7bea449
VMware Server Linux client package
http://download3.vmware.com/software/vmserver/VMware-server-linux-client-1.0.9-156507.zip
md5sum: 7e76a481408454a747bb4d076a6e2524
VMware Fusion 2.0.4
-------------------
http://www.vmware.com/download/fusion/
VMware Fusion 2.0.4: with McAfee VirusScan Plus 2009
md5sum:5b63c7ca402588bda6aa590a26d29adf
sha1sum:e575ada73da996bd00b880ae2d0bfcef2daf9f8e
VMware Fusion 2.0.4: Download including only VMware
md5sum:689eaf46746cdc89a595e0ef81b714b3
sha1sum:46300075feb00df099d5272b984f762416d33791
ESXi
----
ESXi 3.5 patch ESXe350-200904401-O-SG (ESXe350-200904402-T-BG)
http://download3.vmware.com/software/vi/ESXe350-200904401-O-SG.zip
md5sum: 9b11aa16afd676a5190cfd0b68d5a836
http://kb.vmware.com/kb/1010136
NOTES: The three ESXi patches for Firmware "I", VMware Tools "T,"
and the VI Client "C" are contained in a single offline "O"
download file.
ESX
---
ESX 3.5 patch ESX350-200904401-BG
http://download3.vmware.com/software/vi/ESX350-200904401-BG.zip
md5sum: 01847ced394a0556f99ca4c55b2174bf
http://kb.vmware.com/kb/1010126
ESX 3.0.3 patch ESX303-200905401-SG
http://download3.vmware.com/software/vi/ESX303-200905401-SG.zip
md5sum: bea33fd046957aa38ce0ed67d6b362ed
http://kb.vmware.com/kb/1009940
ESX 3.0.2 patch ESX-1008420
http://download3.vmware.com/software/vi/ESX-1008420.tgz
md5sum: 0a63dde5307defd48592d4e8b88f3f48
http://kb.vmware.com/kb/1008420
ESX 2.5.5 Upgrade Patch 13
http://www.vmware.com/support/esx25/doc/esx-255-200905-patch.html
http://download3.vmware.com/software/esx/esx-2.5.5-161312-upgrade.tar.gz
md5sum: a477b7819f5a0d4cbd38b98432a48c88
sha1sum: cceb38898108e48cc5b7e3298a03a369aa783699
[***** End CVE-2009-1805 CVE-2009-0040 CVE-2008-1382 *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov