VMware Multiple - security issues

2009.09.10
Risk: High
Local: No
Remote: Yes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0012 Synopsis: VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. Issue date: 2009-09-04 Updated on: 2009-09-04 (initial release of advisory) CVE numbers: CVE-2009-0199 CVE-2009-2628 - ------------------------------------------------------------------------ 1. Summary Several security issues are resolved with the latest VMnc codec. 2. Relevant releases VMware Workstation Movie Decoder stand alone 6.5.2 and earlier. VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier, 3. Problem Description Several security issues resolved with the latest VMnc codec. The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package. Several vulnerabilities in the VMnc codec can be exploited to cause heap-based buffer overflows via specially crafted video files containing incorrect framebuffer parameters. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed. VMware would like to thank Alin Rad Pop of Secunia Research and Will Dormann of the CERT/CC for reporting these issues and working with us on their remediation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0199 and CVE-2009-2628 to these issues. To remediate the above issues either install the stand alone movie decoder or update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Movie Decoder any Windows 6.5.3 Build 185404 or later Workstation 6.5.x Windows 6.5.3 build 185404 or later Workstation 6.5.x Linux not affected Player 2.5.x Windows 2.5.3 build 185404 or later Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation Movie Decoder stand alone -------------------------------------------- http://www.vmware.com/download/ws/drivers_tools.html http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.3-1854 04.exe md5sum: 2e9de20045c44bc1c03daa3e6fd9a611 sha1sum: 9cd8f9578223310db988131885ffda6c9a4de873 VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404 .exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404 .i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404 .i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404 .x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404 .x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0199 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2628 - ------------------------------------------------------------------------ 6. Change log 2009-09-04 VMSA-2009-0012 Initial security advisory after release of Workstation Movie Decoder on 2009-09-04. The corresponding updated versions of Workstation, Player and ACE were released on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKoaCNS2KysvBH1xkRAuDYAJ9Hd96isQL3JLxql3EcKPsYOjwVeACeP9ca Pn+y2XFBVmddcLje3AwhYuw= =wubK -----END PGP SIGNATURE-----

References:

http://www.kb.cert.org/vuls/id/444513
http://www.vmware.com/security/advisories/VMSA-2009-0012.html
http://www.securityfocus.com/bid/36290
http://www.securityfocus.com/archive/1/archive/1/506286/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2009/000065.html
http://www.vupen.com/english/advisories/2009/2553
http://secunia.com/advisories/34938


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top