Title

Multiple Vulnerabilities in VMware Products (Cat I impact)

Discussion

VMware has released a security advisory addressing multiple vulnerabilities affecting various VMware products. To exploit these vulnerabilities, attackers would utilize various TTPs (Tactics, Techniques and Procedures). Successful exploitation of the most serious of these vulnerabilities would result in the complete compromise of affected systems. At this time, there are known exploits associated with some of the identified vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. e1000 Driver Packet Filter Bypass Vulnerability - (CVE-2009-4536): There is an issue in the Service Console e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters SCSI Driver Denial of Service / Possible Privilege Escalation Vulnerability - (CVE-2009-3080): A local attacker can achieve a denial of service and possibly a privilege escalation via a vulnerability in the Linux SCSI drivers. IPv4 Remote Denial of Service Vulnerability - (CVE-2010-1188): An remote attacker can achieve a denial of service via an issue in the kernel IPv4 code. Kernel Memory Management Arbitrary Code Execution Vulnerability - (CVE-2010-2240): A context-dependent attacker can execute arbitrary code via a vulnerability in a kernel memory handling function. Mount.vmhgfs Privilege Escalation Vulnerability - (CVE-2011-2145): Privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems. Mount.vmhgfs Information Disclosure Vulnerability - (CVE-2011-2146): Mount.vmhgfs Information Disclosure Information disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions. Mount.vmhgfs Privilege Escalation Vulnerability - (CVE-2011-1787): Privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory. VI Client Memory Corruption Vulnerability - (CVE-2011-2217): VI Client COM objects can be instantiated in Internet Explorer which may cause memory corruption. An attacker who succeeded in making the VI Client user visit a malicious Web site could execute code on the user's system within the security context of that user.

Check Content

See IAVM notice 2011-A-0075 or VMware Security Advisory for additional information. Vulnerable Applications/Systems: VMware Workstation prior to 7.1.4 VMware Player prior to 3.1.4 VMware Fusion prior to 3.1.3 ESXi 4.1 without patch ESXi410-201104001 ESXi 4.0 without patch ESXi400-201104001 ESX 4.1 without patch ESXi410-201104001 ESX 4.0 without patch ESX400-201104001 ESXi 3.5 without patch ESXe350-201105401-O-SG ESX 3.5 without the following patches: ESX350-201105401-SG ESX350-201105404-SG ESX350-201105406-SG VI Clients bundled with VMware Infrastructure 3: VI Client 2.0.2 prior to Build 230598 VI Client 2.5 prior Build 204931

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-28311

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.