VMware Multiple Vulnerabilities Patched

Multiple vulnerabilities have been identified in VMware and VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package.  If you run VMware, you will want to apply this update.

a. VMware vmkernel third party e1000 Driver Packet Filter Bypass

An issue in the e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters.

b. ESX third party update for Service Console kernel

This update for the console OS kernel package resolves four security issues.

  1. IPv4 Remote Denial of Service
  2. Local SCSI Driver Denial of Service / Possible Privilege Escalation
  3. Kernel Memory Management Arbitrary Code Execution
  4. e1000 Driver Packet Filter Bypass
c. Multiple vulnerabilities in mount.vmhgfs
VMware Tools includes mount.vmhgfs, a setuid-root utility that allows unprivileged users in a guest VM to mount HGFS shared folders.  Also shipped with VMware Tools is vmware-user-suid-wrapper, a setuid-root utility which handles initial setup to prepare for running vmware-user, which grants users access to other utilities included with VMware Tools.  This patch provides a fix for the following three security issues.  None of these issues affect Windows based Guest Operating Systems.
  1. Mount.vmhgfs Information Disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions.
  2. Mount.vmhgfs Race Condition Privilege escalation that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory.
  3. Mount.vmhgfs Privilege Escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems.
d. VI Client ActiveX vulnerabilities

VI Client COM objects can be instantiated in Internet Explorer which may cause memory corruption. An attacker who succeeded in making the VI Client user visit a malicious Web site could execute code on the user’s system within the security context of that user.