----------------------------------------------------------------------

TITLE:
VMware Products Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA39206

VERIFY ADVISORY:
http://secunia.com/advisories/39206/

DESCRIPTION:
Some vulnerabilities have been reported in multiple VMware products,
which can be exploited by malicious, local users to disclose sensitive
information or gain escalated privileges, and by malicious people to
disclose sensitive information, cause a DoS (Denial of Service), or
potentially compromise a user's system.

1) Two errors in the VMware Tools package for Windows can be exploited
to execute arbitrary code or potentially gain escalated privileges.

For more information:
SA39198

2) An error in the USB service can be exploited to gain escalated
privileges on host systems by placing a malicious executable at a
certain location on the host.

NOTE: This vulnerability cannot be exploited without administrative
privileges on recent Windows versions (e.g. Windows XP and Windows
Vista).

3) An error in libpng can be exploited to disclose uninitialised memory
via a specially crafted image.

For more information:
SA35346

4) A boundary error and two integer truncation errors in the VMnc codec
can be exploited to potentially execute arbitrary code.

For more information:
SA36712

5) An error in the VMware Authorization Service ("vmware-authd") can be
exploited to cause a crash.

For more information:
SA36988

6) An error in the virtual networking stack can be exploited to
disclose potentially sensitive information.

For more information:
SA39203

7) A format string error in "vmrun" can be exploited to potentially
gain escalated privileges.

For more information:
SA39201

SOLUTION:
Update to a fixed version.

VMware Workstation 6.5.x:
Update to version 6.5.4 build 246459 or later.

VMware Workstation 7.0:
Update to version 7.0.1 build 227600 or later.

VMware Player 2.5.x:
Update to version 2.5.4 build 246459 or later.

VMware Player 3.0:
Update to version 3.0.1 build 227600 or later.

VMware ACE 2.5.x:
Update to version 2.5.4 build 246459 or later.

VMware ACE 2.6:
Update to version 2.6.1 build 227600 or later.

VMware Fusion 2.x:
Update to version 2.0.6 build 246742 or later.

PROVIDED AND/OR DISCOVERED BY:
4) Alin Rad Pop, Secunia Research

The vendor also credits:
1) Jure Skofic and Mitja Kolsek of ACROS Security
2) Thierry Zoller
4) iDefense and Sebastien Renaud of Vupen
6) Johann MacDonagh
7) Thomas Toth-Steiner

ORIGINAL ADVISORY:
VMware (VMSA-2010-0007):
http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Secunia Research:
http://secunia.com/secunia_research/2009-36/
http://secunia.com/secunia_research/2009-37/

OTHER REFERENCES:
SA35346:
http://secunia.com/advisories/35346/

SA36712:
http://secunia.com/advisories/36712/

SA36988:
http://secunia.com/advisories/36988/

SA39198:
http://secunia.com/advisories/39198/

SA39201:
http://secunia.com/advisories/39201/

SA39203:
http://secunia.com/advisories/39203/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, but
only to use those supplied by the vendor.
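As an added defender-side example (not part of the Secunia advisory), the following Python script applies the fixed versions and build numbers listed under SOLUTION to software-inventory lines in an assumed "<product> <version> build <build>" format, flagging installs that predate the fix. Product branches this advisory does not list (e.g. Fusion 3.x or VMware Server) are reported as "not listed" rather than guessed at.

```python
import re

# Fixed releases from the SOLUTION section of SA39206:
# (product, version branch) -> (fixed version tuple, fixed build number).
FIXED_RELEASES = {
    ("VMware Workstation", "6.5"): ((6, 5, 4), 246459),
    ("VMware Workstation", "7.0"): ((7, 0, 1), 227600),
    ("VMware Player", "2.5"): ((2, 5, 4), 246459),
    ("VMware Player", "3.0"): ((3, 0, 1), 227600),
    ("VMware ACE", "2.5"): ((2, 5, 4), 246459),
    ("VMware ACE", "2.6"): ((2, 6, 1), 227600),
    ("VMware Fusion", "2"): ((2, 0, 6), 246742),
}

# Assumed inventory line format: "<product> <version> build <build>".
LINE_RE = re.compile(r"^(VMware \w+) (\d+(?:\.\d+)*) build (\d+)$")

def parse_inventory_line(line):
    """Return (product, version tuple, build) or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    product, version, build = m.groups()
    return product, tuple(int(p) for p in version.split(".")), int(build)

def fixed_release_for(product, version):
    """Pick the advisory entry whose branch prefix matches this version (longest prefix wins)."""
    best = None
    for (prod, branch), fixed in FIXED_RELEASES.items():
        branch_tuple = tuple(int(p) for p in branch.split("."))
        if prod == product and version[:len(branch_tuple)] == branch_tuple:
            if best is None or len(branch_tuple) > len(best[0]):
                best = (branch_tuple, fixed)
    return None if best is None else best[1]

def assess(line):
    """Classify a line as 'fixed', 'vulnerable', 'not listed' or 'unparsed'."""
    parsed = parse_inventory_line(line)
    if parsed is None:
        return "unparsed"
    product, version, build = parsed
    fixed = fixed_release_for(product, version)
    if fixed is None:
        return "not listed"  # branch not covered by this advisory; consult VMSA-2010-0007
    # "version X build N or later": compare the version tuple first, then the build number.
    return "fixed" if (version, build) >= fixed else "vulnerable"
```

Build numbers in the inventory lines you feed it are whatever your own inventory reports; only the fixed builds above come from the advisory.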
----------------------------------------------------------------------