Security updates from VMware

Virtualisation solution vendor VMware has released updates for its ESX Server and VirtualCenter products. These fix multiple vulnerabilities. Versions 3.0.1 and 3.0.2 of ESX Server include a buffer overflow in the OpenPegasus CIM Management Server that can be exploited by an attacker to remotely inject code and execute it with root privileges. According to the report, the bug is in the PAMBasicAuthenticator::PAMCallback() function that performs authentication using pluggable authentication modules (PAM). ESX Server 3.5 and ESX Server 3i are not affected. The vendor recommends that users of version 2.5 switch to a bug-fixed version 3.0.1 or higher.

VMware is not alone in being affected by the problem in OpenPegasus versions 2.7 and earlier. Other vendors such as Red Hat are also releasing new OpenPegasus packages. OpenPegasus is a tool for Web-Based Enterprise Management (WBEM) and is intended to simplify monitoring and configuration of various remote resources.

The VMware updates also fix vulnerabilities in the ESX Server service console package, which includes Samba, Perl, OpenSSL and util-linux. Only the vulnerability in Samba is critical. It can be exploited by means of crafted packets to inject code via the LAN and execute it with the server's privileges.

Finally, the updates fix a few older vulnerabilities in software included with VirtualCenter Management Server 2 and ESX Server 3.0.1 and 3.0.2. This software includes the Tomcat server, versions 5.5.17 to 5.5.25 of which contain a number of vulnerabilities. In addition, the Java runtime environment (JRE) has been updated to fix some vulnerabilities.

Further details and links to the updates can be found in the vendor's original security advisory.

See also:

• VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1, security advisory from VMware
• Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages, security advisory from VMware

(mba)