New VMSA-2016-0010 – VMware product updates address multiple important security

VMware Security Advisory
Advisory ID: VMSA-2016-0010
Severity:    Important
Synopsis:    VMware product updates address multiple important security
issues
Issue date:  2016-08-04 (Initial Advisory)
Updated on:  2016-08-04
CVE number:  CVE-2016-5330, CVE-2016-5331
1. Summary
VMware product updates address a DLL hijacking issue in Windows-based
VMware Tools and an HTTP Header injection issue in vCenter Server and ESXi.
2. Relevant Products
    VMware vCenter Server
    VMware vSphere Hypervisor (ESXi)
    VMware Workstation Pro
    VMware Workstation Player
    VMware Fusion
    VMware Tools
3. Problem Description
a. DLL hijacking issue in Windows-based VMware Tools
A DLL hijacking vulnerability is present in the VMware Tools “Shared
Folders” (HGFS) feature
running on Microsoft Windows. Exploitation of this issue may lead to
arbitrary code execution
with the privileges of the victim. In order to exploit this issue, the
attacker would need write
access to a network share and they would need to entice the local user into
opening their document.
There are no known workarounds for this issue.
VMware would like to thank Yorick Koster of Securify B.V. for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier
CVE-2016-5330 to this issue.
Column 5 of the following table lists the action required to remediate the
vulnerability in each
release, if a solution is available.
   VMware                     Product   Running                    Replace
with/
   Product                    Version   on          Severity       Apply
Patch*          Workaround
   ===============            =======   =======     ========
=============        ==========
   ESXi***                      6.0   ESXi    Important
ESXi600-201603102-SG  None
   ESXi***                      5.5   ESXi    Important
ESXi550-201607102-SG  None
   ESXi***                      5.1   ESXi    Important
ESXi510-201605102-SG  None
   ESXi***                      5.0   ESXi    Important
ESXi500-201606102-SG  None
   VMware Workstation Pro       12.1.x    Any       Important       12.1.1
              None
   VMware Workstation Player    12.1.x    Any       Important       8.1.1
              None
   VMware Fusion                8.1.x     Mac OS X   Important      8.1.1
              None
   VMware Tools                 10.0.5    Windows    Important
10.0.6**              None
* After the update or patch is applied, VMware Tools must also be updated
in any
Windows-based guests that include the “Shared Folders” (HGFS) feature to
resolve
CVE-2016-5330.
** VMware Tools can be downloaded independently and installed to resolve
this issue.
*** Successfully exploiting this issue requires installation of “Shared
Folders” component (HGFS
feature) which does not get installed in “custom/typical” installation of
VMware Tools on
Windows VM running on ESXi.
b. HTTP Header injection issue in vCenter Server and ESXi
vCenter Server and ESXi contain an HTTP header injection vulnerability due
to lack of input
validation. An attacker can exploit this issue to set arbitrary HTTP
response headers and
cookies, which may allow for cross-site scripting and malicious redirect
attacks.
There are no known workarounds for this issue.
VMware would like to thank Vladimir Ivanov, Andrey Evlanin, Mikhail
Stepankin, Artem
Kondratenko, Arseniy Sharoglazov of Positive Technologies, Matt Foster of
Netcraft Ltd,
Matthias Deeg of SySS GmbH, Eva Esteban Molina of A2secure? and Ammarit
Thongthua for
independently reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier
CVE-2016-5331 to this issue.
Column 5 of the following table lists the action required to remediate the
vulnerability in each release, if a solution is available.
    VMware            Product   Running                    Replace with/
   Product            Version   on         Severity        Apply Patch
         Workaround
   ===============    =======   =======    ========        =============
         ==========
   vCenter Server    6.0     Any        Important        6.0 U2
       None
   vCenter Server    5.x     Any           n/a           not affected
       None
   ESXi                6.0     ESXi    Important
ESXi600-201603101-SG     None
   ESXi                5.x     ESXi          n/a           not affected
         None
4. Solution
Please review the patch/release notes for your product and version and
verify the
checksum of your downloaded file.
vCenter Server
– ———————-
Downloads and Documentation:
ESXi 6.0
– ————-
Downloads:
Documentation:
ESXi 5.5
– ————
Downloads:
Documentation:
ESXi 5.1
– ———–
Downloads:
Documentation:
ESXi 5.0
– ————
Downloads:
Documentation:
VMware Workstation Pro 12.1.1
– ——————————————–
Downloads and Documentation:
VMware Workstation Player 12.1.1
– ————————————————
Downloads and Documentation:
VMware Fusion 8.1.1
– —————————–
Downloads and Documentation:
VMware Tools 10.0.6
– ——————————
Downloads:
d=491
Documentation:
release-notes.html
5. References
6. Change log
   2016-08-04 VMSA-2016-0010 Initial security advisory in conjunction with
the release of
   VMware ESXi 5.5 patches on 2016-08-04.

Created on August 5, 2016 by Rick Scherer

Posted under Alert.

This blog has 1,778 views.

Tags: , , , ,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Comment

Name (required)

Email (required)

Website

Comments

More Blog Post