Author Archives: Monty Ijzerman

New VMware Security Advisory VMSA-2017-0014

Today, VMware has released the following new security advisory:

VMSA-2017-0014 – VMware NSX-V Edge updates address OSPF Protocol LSA DoS

The advisory documents a hard-to-exploit denial-of-service vulnerability in the implementation of the OSPF protocol in NSX-V Edge (CVE-2017-4920). The issue is caused by incorrect handling of link-state advertisements (LSAs). NSX-V Edge 6.2.8 and NSX-V Edge 6.3.3 address the issue.

We would like to thank Adi Sosnovich, Orna Grumberg and Gabi Nakibly for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

VMware Workstation target at Pwn2Own 2017

Update March 28 – Release of VMware Security Advisory VMSA-2017-0006
Today VMware released VMSA-2017-0006, which documents the remediation of the critical and moderate issues reported out of the Pwn2Own competition. These issues affect ESXi, VMware Workstation, and VMware Fusion, and may allow a guest to execute code on the host.
VMware recommends that customers expedite updating but that emergency measures like taking environments offline are not called for.
We’ve also published a new blog post, The Security Landscape: Pwn2Own 2017.

Original post
The Pwn2Own competition organized by Trend Micro’s ZDI has just wrapped up at Vancouver. VMware Workstation was a target at this competition.

In total, two teams managed to show that they could execute code on the VMware Workstation host from the guest. We are currently investigating these issues after having received the details from the teams directly. The issues were demonstrated on Workstation and we are investigating their impact on ESXi and Fusion.

We would like to thank ZDI, Team 360 Security from Qihoo, and Team Sniper from Tencent Security for working with us to address the issues.

New VMware Security Advisory VMSA-2017-0003

Today VMware has released the following new security advisory:

VMSA-2017-0003 – VMware Workstation update addresses multiple security issues

The advisory documents an important-severity DLL loading issue (CVE-2017-4898) and two moderate-severity security issues (CVE-2017-4899 and CVE-2017-4900) in the SVGA driver of VMware Workstation Pro/Player. All versions of Workstation Pro/Player 12.x are affected.

Issue a is a DLL hijacking issue that occurs because the “vmware-vmx” process loads DLLs from a path defined in the local environment variable. Normal users on the host machine where VMware Workstation is installed can exploit it to escalate privileges to System.
Issue b exists in the SVGA driver and can be triggered only when the host has no graphics card or no graphics drivers are installed. An attacker may exploit this issue to crash the VM or trigger an out-of-bounds read.
Issue c is a NULL pointer dereference vulnerability in the SVGA driver and may allow attackers with normal user privileges to crash their VMs.
Workstation Pro/Player 12.5.3 fixes all these issues.

VMware would like to thank Ivil, Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent and Saar Amar (@AmarSaar) for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

New VMware Security Advisory VMSA-2016-0020 and Updated Advisories

Today VMware has released the following new and updated security advisories:
New
VMSA-2016-0020
Updated
VMSA-2016-0016.1
VMSA-2016-0018.1

The new advisory documents a deserialization vulnerability in the vRealize Operations REST API, CVE-2016-7462.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

VMware Workstation target at the PwnFest hacking competition

VMware Workstation is among the targets of the PwnFest hacking competition. At this event, which is organized alongside the Power of Community security conference in Seoul, security researchers are demonstrating their attack capabilities. The event is modeled after the well-known Pwn2Own competition.

Earlier today at the event, the 360 Marvel Team and security researcher Lokihardt (JungHoon Lee) used the same issue to demonstrate that they could execute code on the VMware Workstation host from the guest. We have received details on this issue directly from the researchers and we are now working on a solution. We have confirmed that the issue is limited to VMware Workstation and VMware Fusion and that ESXi is not affected.

We would like to thank the organizers of the event, the 360 Marvel Team, and Lokihardt for working with us to address the issue.

November 13 update
Today, we’ve published VMware Security Advisory VMSA-2016-0019, which documents the release of VMware Workstation 12.5.2 and VMware Fusion 8.5.2. These new Workstation and Fusion versions address the issue that was demonstrated at the PwnFest event. The issue has been assigned CVE identifier CVE-2016-7461.

VMware Security Response Center and Certifications @ VMworld Barcelona

Visit us at VMworld in Barcelona!

If you are at VMworld next week, come over to the VMware Security Response and Certification booth at the Solutions Exchange to hear how we keep customers safe. In the same booth, we also have daily theater presentations on VMware Certifications and the VMware Security Response Center.

New VMware Security Advisory VMSA-2016-0012 and Updated Advisory

Today VMware has released the following new and updated security advisories:
New
VMSA-2016-0012
Updated
VMSA-2016-0007.1

The new advisory documents a leftover public SSH key that was used during the development process of VMware Photon OS OVAs 1.0, CVE-2016-5333.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2016-0009 and Updated Advisories

Today, VMware has released the following new and updated security advisories:
New
VMSA-2016-0009
Updated
VMSA-2015-0007.6
VMSA-2015-0009.3
VMSA-2016-0005.4

The new advisory addresses an important cross-site scripting issue in the vSphere Web Client, CVE-2015-6931. The issue is present on the server side in vCenter Server running on Windows and in vCenter Server Appliance.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2016-0006 and Updated Advisories

Today VMware has released the following new and updated security advisories:
New
VMSA-2016-0006
Updated
VMSA-2015-0007.5
VMSA-2016-0005.1

The new advisory addresses an important cross-site scripting issue in the vSphere Web Client, CVE-2016-2078. The issue is present on the server side when vCenter Server is running on Windows.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2016-0005

Today VMware has released the following new security advisory:

New
VMSA-2016-0005

The advisory documents remediation for a critical deserialization vulnerability in Oracle JRE, CVE-2016-3427. vCenter Server is one of the affected products; however, only the local exploit scenario is relevant if the vCenter Server patches and versions listed in VMSA-2015-0007 have been deployed. The advisory also documents a host privilege escalation on Workstation and Player, CVE-2016-2077.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.