VMware

VMSA-2008-0007.2

Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

Issue date: 2008-04-15

Updated on: 2008-06-04

CVE numbers: CVE-2006-7228 CVE-2007-1660 CVE-2007-5846 CVE-2008-0003

 

 

1. Summary:

 

Updated Service Console packages for pcre, net-snmp, and OpenPegasus

 

2. Relevant releases:

 

VMware ESX 3.5 without patches ESX350-200803214-UG (pcre, net-snmp),
                               ESX350-200803201-UG (OpenPegasus)

VMware ESX 3.0.2 without patches ESX-1004213 (OpenPegasus),
                                 ESX-1004217 (pcre),
                                 ESX-1004218 (net-snmp)
VMware ESX 3.0.1 without patches ESX-1004184 (OpenPegasus),
                                 ESX-1004187 (pcre),
                                 ESX-1004188 (net-snmp)

 

NOTES: ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 07/31/2008. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
release available. ESX version 3.0.0 is no longer in Extended
Support. Users should upgrade to a supported version of the product.

 

3. Problem description:

 

a. Updated pcre Service Console package addresses several security issues

 

The pcre package contains the Perl-Compatible Regular Expression library.
pcre is used by various Service Console utilities.

 

Several security issues were discovered in the way PCRE handles regular
expressions. If an application linked against PCRE parsed a malicious
regular expression, it may have been possible to run arbitrary code as
the user running the application.

 

VMware would like to thank Ludwig Nussel for reporting these issues.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

 

RPM Updated:

pcre-3.9-10.4.i386.rpm

 

VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

 

VMware ESX 3.0.2 patch ESX-1004217(pcre)

VMware ESX 3.0.1 patch ESX-1004187(pcre)

 

b. Updated net-snmp Service Console package addresses denial of service

 

net-snmp is an implementation of the Simple Network Management
Protocol (SNMP). SNMP is used by network management systems to
monitor hosts. By default ESX has this service enabled and its ports
open on the ESX firewall.

 

A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port could send a
malicious packet causing snmpd to crash, resulting in a denial of
service.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-5846 to this issue.

 

RPM Updated:

net-snmp-5.0.9-2.30E.23.i386.rpm

net-snmp-libs-5.0.9-2.30E.23.i386.rpm

net-snmp-utils-5.0.9-2.30E.23.i386.rpm

 

VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

 

VMware ESX 3.0.2 patch ESX-1004218 (net-snmp)

VMware ESX 3.0.1 patch ESX-1004188 (net-snmp)

 

c. Updated OpenPegasus Service Console package fixes overflow condition

 

OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
Management (WBEM) broker. These protocols are used by network management
systems to monitor and control hosts. By default ESX has this service
enabled and its ports open on the ESX firewall.

 

A flaw was discovered in the OpenPegasus CIM management server that
might allow remote attackers to execute arbitrary code. OpenPegasus,
when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC
defined, has a stack-based buffer overflow condition.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0003 to this issue.

 

RPMS updated:

cim-smwg-1.0-release-606113.i386.rpm

pegasus-2.5-release-606113.i386.rpm

 

VMware ESX 3.5 patch ESX350-200803201-UG(OpenPegasus)

VMware ESX 3.0.2 patch ESX-1004213(OpenPegasus)

VMware ESX 3.0.1 patch ESX-1004184(OpenPegasus)

 

4. Solution:

 

Please review the Patch notes for your product and version and verify the
md5sum of your downloaded file.

 

ESX 3.5 patch ESX350-200803214-UG

download3.vmware.com/software/esx/ESX350-200803214-UG.zip

md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060

kb.vmware.com/kb/1003721

 

RPMS updated with patch ESX350-200803214-UG

e2fsprogs-1.32-15.4.i386.rpm

net-snmp-5.0.9-2.30E.23.i386.rpm

net-snmp-libs-5.0.9-2.30E.23.i386.rpm

net-snmp-utils-5.0.9-2.30E.23.i386.rpm

pcre-3.9-10.4.i386.rpm

libxml2-2.5.10-8.i386.rpm

libxml2-python-2.5.10-8.i386.rpm

 

ESX 3.5 patch ESX350-200803201-UG

download3.vmware.com/software/esx/ESX350-200803201-UG.zip

md5sum: 55dee9f4e256b996229ff0c9a5f0f72c

kb.vmware.com/kb/1003695

 

RPMS updated with ESX350-200803201-UG

cim-smwg-1.0-release-606113.i386.rpm

pegasus-2.5-release-606113.i386.rpm

 

VMware ESX 3.0.2 patch ESX-1004213 (OpenPegasus)

download3.vmware.com/software/vi/ESX-1004213.tgz

md5sum: cde300d8239ce5c9aac887957957eaa4

kb.vmware.com/kb/1004213

 

VMware ESX 3.0.1 patch ESX-1004184 (OpenPegasus)

download3.vmware.com/software/vi/ESX-1004184.tgz

md5sum: e96659cf283e1e2e141de58603af1bfc

kb.vmware.com/kb/1004184

 

VMware ESX 3.0.2 patch ESX-1004217 (pcre)

download3.vmware.com/software/vi/ESX-1004217.tgz

md5sum: 260b0316eaf9614e63632e9d9379cfee

kb.vmware.com/kb/1004217

 

VMware ESX 3.0.1 patch ESX-1004187 (pcre)

download3.vmware.com/software/vi/ESX-1004187.tgz

md5sum: 1890412a03c2bec66c42efd2548df4b1

kb.vmware.com/kb/1004187

 

VMware ESX 3.0.2 patch ESX-1004218 (net-snmp)

download3.vmware.com/software/vi/ESX-1004218.tgz

md5sum: e44b19ee7d94591af9b332931a4a01fd

kb.vmware.com/kb/1004218

 

VMware ESX 3.0.1 patch ESX-1004188 (net-snmp)

download3.vmware.com/software/vi/ESX-1004188.tgz

md5sum: de3e2f777494558b22ef192a0d6d7b59

kb.vmware.com/kb/1004188
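
The md5sum check requested at the top of this section, as an added shell example that is not part of VMware's advisory. Bundle names and digests are copied from the list above; the function names, the optional manifest-file argument and the VMSA_DIR variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify downloaded ESX patch bundles against the md5sums
# published in this advisory. The "digest  filename" pairs are copied from
# the Solution section; function names and VMSA_DIR are assumptions.

vmsa_manifest() {
cat <<'EOF'
9ff7b416afed3acfbfbb5d1d63ca5060  ESX350-200803214-UG.zip
55dee9f4e256b996229ff0c9a5f0f72c  ESX350-200803201-UG.zip
cde300d8239ce5c9aac887957957eaa4  ESX-1004213.tgz
e96659cf283e1e2e141de58603af1bfc  ESX-1004184.tgz
260b0316eaf9614e63632e9d9379cfee  ESX-1004217.tgz
1890412a03c2bec66c42efd2548df4b1  ESX-1004187.tgz
e44b19ee7d94591af9b332931a4a01fd  ESX-1004218.tgz
de3e2f777494558b22ef192a0d6d7b59  ESX-1004188.tgz
EOF
}

# verify_bundle DIR FILE [MANIFEST_FILE]
# Returns 0 = digest matches, 1 = mismatch, 2 = file missing,
# 3 = file name not in the manifest (never silently accepted).
verify_bundle() {
    dir=$1; file=$2
    if [ -n "${3:-}" ]; then manifest=$(cat "$3"); else manifest=$(vmsa_manifest); fi
    expected=$(printf '%s\n' "$manifest" | awk -v f="$file" '$2 == f { print $1 }')
    if [ -z "$expected" ]; then echo "UNKNOWN  $file"; return 3; fi
    if [ ! -f "$dir/$file" ]; then echo "MISSING  $file"; return 2; fi
    actual=$(md5sum "$dir/$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then echo "OK       $file"; return 0; fi
    echo "MISMATCH $file (expected $expected, got $actual)"
    return 1
}

# verify_all DIR: check every advisory bundle present in DIR and return
# the number that failed, so a non-zero status blocks the install step.
verify_all() {
    va_dir=$1; fails=0
    for name in $(vmsa_manifest | awk '{ print $2 }'); do
        [ -f "$va_dir/$name" ] || continue
        verify_bundle "$va_dir" "$name" || fails=$((fails + 1))
    done
    return "$fails"
}

# Runs only when VMSA_DIR points at the download directory.
if [ -n "${VMSA_DIR:-}" ]; then verify_all "$VMSA_DIR"; fi
```

Set VMSA_DIR to the directory holding the downloaded bundles; a non-zero exit status means at least one bundle present there did not match the digest listed in this advisory.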

 

 

5. References:

 

CVE numbers

cve.mitre.org/cgi-bin/cvename.cgi


 

6. Change log

 

2008-04-15 VMSA-2008-0007
Initial release

2008-05-02 VMSA-2008-0007.1
Added ESX 3.0.1, 3.0.2 for issue 3c. released 2008-05-01

2008-06-04 VMSA-2008-0007.2
Added ESX 3.0.1, 3.0.2 for issues 3a, 3b released 2008-06-03

 

-------------------------------------------------------------------

7. Contact:

 

E-mail list for product security notifications and announcements:

lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

 

* security-announce at lists.vmware.com

* bugtraq at securityfocus.com

* full-disclosure at lists.grok.org.uk

 

E-mail: security at vmware.com

PGP key at: kb.vmware.com/kb/1055

 

VMware Security Center

www.vmware.com/security

 

VMware security response policy

www.vmware.com/support/policies/security_response.html

 

General support life cycle policy

www.vmware.com/support/policies/eos.html

 

VMware Infrastructure support life cycle policy

www.vmware.com/support/policies/eos_vi.html

 
