Re: Slider Revolution/Showbiz Pro shell upload exploit
Thank you for this information! Is there already a fix?
[SECURITY] [DSA 3087-1] qemu security update
Debian Security Advisory DSA-3087-1                   secur...@debian.org
http://www.debian.org/security/                        Salvatore Bonaccorso
December 04, 2014                          http://www.debian.org/security/faq

Package        : qemu
CVE ID         : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6a+deb7u6.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3088-1] qemu-kvm security update
Debian Security Advisory DSA-3088-1                   secur...@debian.org
http://www.debian.org/security/                        Salvatore Bonaccorso
December 04, 2014                          http://www.debian.org/security/faq

Package        : qemu-kvm
CVE ID         : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in version 1.1.2+dfsg-6+deb7u6.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[oCERT-2014-009] JasPer input sanitization errors
#2014-009 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution.

The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file can be used to trigger the overflows.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit: vulnerability report received from the Google Security Team.

CVE: CVE-2014-9029

Timeline:

2014-11-19: vulnerability report received
2014-11-20: contacted affected vendors
2014-11-21: assigned CVE
2014-11-27: patch contributed by Tomas Hoger from Red Hat Product Security
2014-12-04: advisory release

References:
http://www.ece.uvic.ca/~frodo/jasper
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029

Permalink:
http://www.ocert.org/advisories/ocert-2014-009.html

-- 
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
lc...@ocert.org
http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
[SECURITY] [DSA 3089-1] jasper security update
Debian Security Advisory DSA-3089-1                   secur...@debian.org
http://www.debian.org/security/                        Salvatore Bonaccorso
December 04, 2014                          http://www.debian.org/security/faq

Package        : jasper
CVE ID         : CVE-2014-9029
Debian Bug     : 772036

Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3090-1] iceweasel security update
Debian Security Advisory DSA-3090-1                   secur...@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
December 04, 2014                          http://www.debian.org/security/faq

Package        : iceweasel
CVE ID         : CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 31.3.0esr-1~deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 31.3.0esr-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
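Each of the four Debian advisories above (DSA-3087-1, 3088-1, 3089-1, 3090-1) names a fixed wheezy version, and the practical check is whether the version dpkg reports is older than it. The ordering rules are not plain string comparison (a "~" sorts before the end of the string, digit runs compare numerically, and a "+deb7u1" suffix sorts after the plain revision), so the program below, an added example written for this page and not dpkg's own code, re-implements the dpkg version ordering from Debian Policy section 5.6.12 with the four fixed versions from the advisories built in. The package list, the program name `dsacheck` and the command-line interface are this example's own choices; on a real system the same answer comes from `dpkg --compare-versions`.

```c
/* Added example (not dpkg's own code): decide whether an installed Debian
 * package version is older than the fixed version named in a DSA, using
 * the dpkg version ordering rules (Debian Policy 5.6.12).  The fixed
 * versions below are the wheezy versions from DSA-3087-1 to DSA-3090-1. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sort weight of one character inside a non-digit run: '~' sorts before
 * anything, even the end of the string; letters sort before non-letters;
 * end of string sorts before any non-letter. */
static int order(int c)
{
    if (isdigit((unsigned char)c)) return 0;
    if (isalpha((unsigned char)c)) return c;
    if (c == '~') return -1;
    if (c) return c + 256;
    return 0;
}

/* Compare two upstream-version or debian-revision strings. */
static int verrevcmp(const char *a, const char *b)
{
    while (*a || *b) {
        int first_diff = 0;
        /* non-digit run: compare character by character with order() */
        while ((*a && !isdigit((unsigned char)*a)) ||
               (*b && !isdigit((unsigned char)*b))) {
            int ac = order(*a), bc = order(*b);
            if (ac != bc) return ac - bc;
            a++; b++;
        }
        /* digit run: compare numerically, ignoring leading zeros */
        while (*a == '0') a++;
        while (*b == '0') b++;
        while (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            if (!first_diff) first_diff = *a - *b;
            a++; b++;
        }
        if (isdigit((unsigned char)*a)) return 1;   /* a has more digits */
        if (isdigit((unsigned char)*b)) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

/* Split "[epoch:]upstream[-revision]".  The revision follows the LAST
 * hyphen, because upstream versions may themselves contain '-'. */
static void split_version(const char *v, long *epoch,
                          char *up, size_t upsz, char *rev, size_t revsz)
{
    const char *colon = strchr(v, ':');
    *epoch = 0;
    if (colon) { *epoch = strtol(v, NULL, 10); v = colon + 1; }
    const char *dash = strrchr(v, '-');
    if (dash) {
        snprintf(up, upsz, "%.*s", (int)(dash - v), v);
        snprintf(rev, revsz, "%s", dash + 1);
    } else {
        snprintf(up, upsz, "%s", v);
        rev[0] = '\0';
    }
}

/* dpkg-style comparison: <0 if a sorts before b, 0 if equal, >0 if after. */
int deb_version_cmp(const char *a, const char *b)
{
    long ea, eb;
    char ua[128], ra[128], ub[128], rb[128];
    split_version(a, &ea, ua, sizeof ua, ra, sizeof ra);
    split_version(b, &eb, ub, sizeof ub, rb, sizeof rb);
    if (ea != eb) return ea < eb ? -1 : 1;
    int r = verrevcmp(ua, ub);
    return r ? r : verrevcmp(ra, rb);
}

/* 1 if `installed` is older than `fixed` (advisory still applies), else 0. */
int still_vulnerable(const char *installed, const char *fixed)
{
    return deb_version_cmp(installed, fixed) < 0;
}

static const struct { const char *pkg, *fixed; } dsa_fixes[] = {
    { "qemu",      "1.1.2+dfsg-6a+deb7u6" },   /* DSA-3087-1 */
    { "qemu-kvm",  "1.1.2+dfsg-6+deb7u6"  },   /* DSA-3088-1 */
    { "jasper",    "1.900.1-13+deb7u1"    },   /* DSA-3089-1 */
    { "iceweasel", "31.3.0esr-1~deb7u1"   },   /* DSA-3090-1 */
};

int main(int argc, char **argv)
{
    /* usage: ./dsacheck qemu "$(dpkg-query -W -f='${Version}' qemu)" */
    if (argc != 3) {
        fprintf(stderr, "usage: %s <package> <installed-version>\n", argv[0]);
        return 2;
    }
    for (size_t i = 0; i < sizeof dsa_fixes / sizeof dsa_fixes[0]; i++) {
        if (strcmp(dsa_fixes[i].pkg, argv[1]) != 0) continue;
        int vuln = still_vulnerable(argv[2], dsa_fixes[i].fixed);
        printf("%s %s: %s (fixed in %s)\n", argv[1], argv[2],
               vuln ? "VULNERABLE, upgrade" : "fixed version or newer",
               dsa_fixes[i].fixed);
        return vuln;
    }
    fprintf(stderr, "%s: not covered by these four advisories\n", argv[1]);
    return 2;
}
```

The exit status follows the check (1 when the advisory still applies), so the program can sit in a shell loop over `dpkg-query` output. The iceweasel entry is the one to watch: "31.3.0esr-1~deb7u1" is older than "31.3.0esr-1" under these rules, which is exactly why Debian uses the tilde for stable backports of a fix.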
[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04517477
Version: 1

HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-12-04
Last Updated: 2014-12-04

Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

References: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6558, SSRT101770

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23 and B.11.31 running HP JDK and JRE v7.0.10 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-4288    (AV:N/AC:H/Au:N/C:C/I:C/A:C)       7.6
CVE-2014-6456    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3
CVE-2014-6457    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0
CVE-2014-6458    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9
CVE-2014-6466    (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9
CVE-2014-6476    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0
CVE-2014-6492    (AV:N/AC:H/Au:N/C:C/I:C/A:C)       7.6
CVE-2014-6493    (AV:N/AC:H/Au:N/C:C/I:C/A:C)       7.6
CVE-2014-6502    (AV:N/AC:H/Au:N/C:N/I:P/A:N)       2.6
CVE-2014-6503    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3
CVE-2014-6504    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2014-6506    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8
CVE-2014-6511    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2014-6512    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3
CVE-2014-6513    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2014-6515    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0
CVE-2014-6517    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
CVE-2014-6519    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0
CVE-2014-6527    (AV:N/AC:H/Au:N/C:N/I:P/A:N)       2.6
CVE-2014-6531    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
CVE-2014-6558    (AV:N/AC:H/Au:N/C:N/I:P/A:N)       2.6
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location:
http://www.hp.com/java

OS Version                   Release Version
HP-UX B.11.23, B.11.31       JDK and JRE v7.0.11 or subsequent

MANUAL ACTIONS: Yes - Update
For HP-UX 11i v2 and v3 update to Java v7.0.11 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70
Jdk70.JDK70-COM
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jdk70.JDK70-DEMO
Jre70.JRE70
Jre70.JRE70-COM
Jre70.JRE70-COM-DOC
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.11.00 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 4 December 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released
[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04510081
Version: 1

HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-12-05
Last Updated: 2014-12-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS). This is the SSLv3 vulnerability known as Padding Oracle on Downgraded Legacy Encryption, also known as Poodle, which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in all version 5 HP Insight Remote Support Clients.

References: CVE-2014-3566 (SSRT101854)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Remote Support Clients version 5.x

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP Insight Remote Support version 5 is at the End of Manufacturing Life and will not be updated. HP recommends that customers, if possible, should migrate to Insight Remote Support Version 7.2 which has been updated with a preliminary resolution to the vulnerability. This bulletin will be revised when the final resolution update is available.

Please refer to the following Insight Remote Support Version 7.2 documents for recommendations on migrating to Insight Remote Support Version 7.2:
http://www.hp.com/go/insightremotesupport/docs
HP Insight Remote Support 7.2 Upgrade Guide
HP Insight Remote Support 7.2 Release Notes

HISTORY
Version:1 (rev.1) - 5 December 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Offset2lib: bypassing full ASLR on 64bit Linux
Hi,

This is a disclosure of a weakness of the ASLR Linux implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. We named this weakness: offset2lib.

In this scenario, an attacker is able to de-randomize all mmapped areas (libraries, mapped files, etc.) by knowing only an address belonging to the application and the offset2lib value.

We have built a PoC which bypasses, on a 64 bit Linux system, the three most widely adopted and effective protection techniques: No-eXecutable bit (NX), address space layout randomization (ASLR) and stack smashing protector (SSP). The exploit obtains a remote shell in less than one second.

We have proposed the ASLRv3, which is a small Linux patch which removes the offset2lib weakness.

Details of the weakness, steps to exploit the offset2lib weakness, a working proof of concept exploit, recommendations and a demonstrative video have been published at:
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

Hector Marco.
http://cybersecurity.upv.es
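The post above describes the weakness but not how to observe it, so here is an added example (written for this page; it is not the PoC, the ASLRv3 patch or any other code from the offset2lib authors). The core observation is that when a PIE executable is placed in the mmap area, the distance between the executable's base and the base of libc is a constant of the binary-plus-kernel combination rather than a random quantity, so one leaked executable pointer fixes the library bases too. The program below parses `/proc/<pid>/maps` text, measures that constant for two constructed maps excerpts (the paths `/srv/victim` and `/lib/x86_64-linux-gnu/libc-2.13.so` and every address in them are hypothetical), shows it is identical across the two "runs", and then performs the attacker's step of predicting the libc base from one leaked pointer. Built with `-fPIE -pie` and run several times, it also prints the value for its own process; on a kernel with the weakness that value never changes, while on later mainline kernels, which load PIE executables at a base randomized independently of the mmap area, it does.

```c
/* Added example (not from the offset2lib page): recover the offset2lib
 * constant from /proc/<pid>/maps text and use it to predict the libc base
 * from one leaked executable address.  The two maps excerpts further down
 * are constructed for this example; they model a PIE process on a kernel
 * with the weakness, where the executable is loaded at the top of the mmap
 * area and the libraries directly below it, so exe_base - libc_base is the
 * same in every run even though both addresses change. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Lowest mapping start whose pathname contains `needle`, or 0 if none.
 * maps lines are sorted by address, so the first match is the base. */
uintptr_t mapping_base(const char *maps, const char *needle)
{
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        unsigned long start, end;
        char perms[8], path[256] = "";
        /* fields: start-end perms offset dev inode [pathname] */
        if (sscanf(buf, "%lx-%lx %7s %*s %*s %*s %255s",
                   &start, &end, perms, path) >= 3 && strstr(path, needle))
            return (uintptr_t)start;
        if (!eol) break;
        line = eol + 1;
    }
    return 0;
}

/* offset2lib as used here: exe_base - lib_base (signed, may be negative). */
intptr_t offset2lib(const char *maps, const char *exe, const char *lib)
{
    uintptr_t e = mapping_base(maps, exe), l = mapping_base(maps, lib);
    if (!e || !l) return 0;
    return (intptr_t)e - (intptr_t)l;
}

/* The attacker's step: a leaked pointer into the executable minus its
 * offset inside the binary (read from the ELF) gives exe_base, and
 * exe_base minus offset2lib gives the library base without any lib leak. */
uintptr_t predict_lib_base(uintptr_t leaked_exe_ptr, uintptr_t ptr_offset_in_exe,
                           intptr_t off2lib)
{
    return (uintptr_t)((intptr_t)(leaked_exe_ptr - ptr_offset_in_exe) - off2lib);
}

/* Constructed /proc/<pid>/maps excerpts for two runs of the same PIE binary
 * (hypothetical paths and addresses, libc below the executable). */
const char run1_maps[] =
    "7f3a1c000000-7f3a1c1bb000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.13.so\n"
    "7f3a1c400000-7f3a1c401000 r-xp 00000000 08:01 1234 /srv/victim\n"
    "7ffd2e1a0000-7ffd2e1c1000 rw-p 00000000 00:00 0 [stack]\n";
const char run2_maps[] =
    "7f91e5c00000-7f91e5dbb000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.13.so\n"
    "7f91e6000000-7f91e6001000 r-xp 00000000 08:01 1234 /srv/victim\n"
    "7ffc00a00000-7ffc00a21000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    /* Stand-alone demo.  Build with: cc -fPIE -pie offset2lib.c
     * and run it several times: on a kernel with the weakness the last
     * number never changes; on a kernel that randomizes the PIE base
     * independently it does.  "/libc" is a loose needle; adjust it if
     * another library on the system matches first. */
    static char maps[1 << 16];
    char exe[256] = "";
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n > 0) exe[n] = '\0';
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 1; }
    size_t got = fread(maps, 1, sizeof maps - 1, f);
    fclose(f);
    maps[got] = '\0';

    printf("constructed run 1: offset2lib = 0x%lx\n",
           (long)offset2lib(run1_maps, "/srv/victim", "/libc-"));
    printf("constructed run 2: offset2lib = 0x%lx\n",
           (long)offset2lib(run2_maps, "/srv/victim", "/libc-"));
    printf("this process     : exe 0x%lx  libc 0x%lx  offset2lib = 0x%lx\n",
           (unsigned long)mapping_base(maps, exe),
           (unsigned long)mapping_base(maps, "/libc"),
           (long)offset2lib(maps, exe, "/libc"));
    return 0;
}
```

The constructed excerpts give offset2lib = 0x400000 in both runs even though the executable sits at 0x7f3a1c400000 in one and 0x7f91e6000000 in the other; with a leaked pointer to, say, a function 0x6d0 bytes into the binary from run 2, `predict_lib_base` returns 0x7f91e5c00000, the libc base of that run, without any library address ever leaking. The same measurement against a real process is just two reads of `/proc/<pid>/maps` across restarts.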
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
VMware Security Advisory

Advisory ID: VMSA-2014-0012
Synopsis:    VMware vSphere product updates address security vulnerabilities
Issue date:  2014-12-04
Updated on:  2014-12-04 (Initial Advisory)
CVE number:  CVE-2014-3797, CVE-2014-8371, CVE-2013-2877, CVE-2014-0191, CVE-2014-0015, CVE-2014-0138, CVE-2013-1752 and CVE-2013-4238

1. Summary

VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

2. Relevant releases

VMware vCenter Server Appliance 5.1 Prior to Update 3
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Server 5.1 prior to Update 3
VMware vCenter Server 5.0 prior to Update 3c
VMware ESXi 5.1 without patch ESXi510-201412101-SG

3. Problem Description

a. VMware vCSA cross-site scripting vulnerability

VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page while they are logged in into vCenter.

VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware     Product    Running    Replace with/
Product    Version    on         Apply Patch
=======    =======    =======    =============
vCSA       5.5        any        Not Affected
vCSA       5.1        any        5.1 Update 3
vCSA       5.0        any        Not Affected

b. vCenter Server certificate validation issue

vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service.

VMware would like to thank The Google Security Team for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware            Product    Running    Replace with/
Product           Version    on         Apply Patch
===============   =======    =======    =============
vCenter Server    5.5        any        5.5 Update 2
vCenter Server    5.1        any        5.1 Update 3
vCenter Server    5.0        any        5.0 Update 3c

c. Update to ESXi libxml2 package

libxml2 is updated to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware     Product    Running    Replace with/
Product    Version    on         Apply Patch
=======    =======    =======    ====================
ESXi       5.5        any        Patch Pending
ESXi       5.1        any        ESXi510-201412101-SG
ESXi       5.0        any        No patch planned

d. Update to ESXi Curl package

Curl is updated to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware     Product    Running    Replace with/
Product    Version    on         Apply Patch
=======    =======    =======    ====================
ESXi       5.5        any        Patch Pending
ESXi       5.1        any        ESXi510-201412101-SG
ESXi       5.0        any        No patch planned

e. Update to ESXi Python package

Python is updated to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in