Check: 2010-A-0066
Windows 7 IAVM: 2010-A-0066 (in version v1 r32)
Title
Multiple Vulnerabilities in VMware Products (Cat I impact)
Discussion
VMware has released a security advisory addressing multiple vulnerabilities in various VMware products. VMware products provide enterprise-level virtualization. To exploit these vulnerabilities, an attacker would send malicious requests to an affected system or interact with the interactive access on a virtual machine in a malicious manner. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code or to compromise the affected system. At this time, there are no known exploits associated with these vulnerabilities; JTF-GNO is not aware of any DoD-related incidents.

VMware VMnc Codec Heap Overflow Vulnerabilities - (CVE-2009-1564 and CVE-2009-1565): Vulnerabilities in the decoder allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec.

Libpng 1-bit Interlaced Images Information Disclosure Vulnerability - (CVE-2009-2042): The libpng libraries through 1.2.35 contain an uninitialized-memory-read bug that may have security implications.

VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability - (CVE-2009-3707): A vulnerability in vmware-authd could cause a denial of service condition on Windows-based hosts. The denial of service is limited to a crash of authd.

VMware Remote Console 'connect' Method Remote Format String Vulnerability - (CVE-2009-3732): VMware Remote Console (VMrc) contains a format string vulnerability. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability - (CVE-2010-1138): A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure. A guest operating system could send memory from the host vmware-vmx process to the virtual network adapter and potentially to the host's physical Ethernet wire.

VMware 'vmrun' Local Privilege Escalation Vulnerability - (CVE-2010-1139): A format string vulnerability in vmrun could allow arbitrary code execution. If a vmrun command is issued and processes are listed, code could be executed in the context of the user listing the processes.

VMware Hosted Products USB Service Local Privilege Escalation Vulnerability - (CVE-2010-1140): A vulnerability in the USB service allows for a privilege escalation. A local attacker on the host of a Windows-based Operating System where VMware Workstation or VMware Player is installed could plant a malicious executable on the host and elevate their privileges.

VMware Hosted Products VMware Tools Library Reference Remote Code Execution Vulnerability - (CVE-2010-1141): A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged-on user. This vulnerability is present only on Windows Guest Operating Systems.

VMware Hosted Products VMware Tools Local Privilege Escalation Vulnerability - (CVE-2010-1142): A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged-on user. This vulnerability is present only on Windows Guest Operating Systems.
Check Content
See the IAVM notice and vendor bulletin for additional information.

Vulnerable Applications/Systems: VMware Workstation 7.0; VMware Workstation 6.5.3 and earlier; VMware Player 3.0; VMware Player 2.5.3 and earlier; VMware ACE 2.6; VMware ACE 2.5.3 and earlier; VMware Server 2.0.2 and earlier; VMware Fusion 3.0; VMware Fusion 2.0.6 and earlier; VMware VIX API for Windows 1.6.x.

Open the About “Product” item from the menu to view version and build numbers.
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-23997
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |