Today VMware has released the following new security advisory:
“VMSA-2017-0013 – VMware vCenter Server and Tools updates resolve multiple security vulnerabilities”
This documents an insecure library loading issue (CVE-2017-4921) and two information disclosure issues (CVE-2017-4922 and CVE-2017-4923) affecting VMware vCenter 6.5 release line. These issues are of moderate severity.
This also documents a moderate severity local privilege escalation issue (CVE-2015-5191) affecting VMware Tools.
CVE-2017-4921 is an insecure library loading issue that occurs due to the use of ‘LD_LIBRARY_PATH’ variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.
CVE-2017-4922 is an information disclosure issue that occurs due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVE-2017-4923 is also an information disclosure vulnerability. Exploiting this issue may allow an attacker to obtain plaintext credentials when using the vCenter Server Appliance file-based backup feature.
CVE-2015-5191 is a local privilege escalation issue that exists because VMware Tools contains multiple file system races in libDeployPkg.
VMware vCenter Server 6.5 U1 and VMware Tools 10.0.9 and above fix these issues.
We would like to thank Thorsten Tüllmann, researcher at Karlsruhe Institute of Technology, Joe Womack of Expedia, Florian Weimer and Kurt Seifried of Red Hat Product Security for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.