Reference: CERT-EU Security Advisory 2012-0127

Title: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

Version history:
19.11.2012 Initial publication

Summary
=======

VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities.

CVE-2012-4897, CVE-2012-5050, CVE-2012-5051

Vulnerable systems
==================

vCenter Operations prior to 5.0.x
vCenter CapacityIQ 1.5.x
Movie Decoder prior to 9.0

Original Details
================

a. VMware Movie Decoder Installer binary planting vulnerability

The installer of the VMware Movie Decoder has a binary planting vulnerability. An attacker who can write their malicious executable to the same folder as where the installer of the Movie Decoder is located may be able to run their code when the installation is started.

VMware would like to thank Mitja Kolsek of ACROS Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4897 to this issue.

VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
=============   =======   =======   =================
Movie Decoder   7.x       Windows   Movie Decoder 9.0
Movie Decoder   6.x       Windows   Movie Decoder 9.0
Movie Decoder   5.x       Windows   Movie Decoder 9.0

b. vCenter Operations cross-site scripting vulnerability

The vCenter Operations server contains a cross-site scripting vulnerability that allows an attacker to steal an administrator's session cookie. To exploit this vulnerability, the attacker must convince the administrator to click on a malicious link.

VMware would like to thank Alexander Minozhenko of ERPScan for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5050 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
=============   =======   =======   =================
vCOps           5.0.x     any       not affected
vCOps           1.0.x     any       affected, update to vCOps 5.0.x

c. vCenter CapacityIQ path traversal vulnerability

vCenter CapacityIQ contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files.

VMware would like to thank Alexander Minozhenko of ERPScan for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5051 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
=============   =======   =======   =================
vCOps           5.0.x     any       not affected
CapacityIQ      1.5.x     any       affected, update to vCOps 5.0.x

What can you do?
================

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Operations 5.0.x
---------------------------

Download link
https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vcenter_operations/5_0

Release Notes
https://www.vmware.com/support/pubs/vcops-pubs.html

Movie Decoder 9.0
-----------------

Download link
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/9_0#drivers_t

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/security/advisories/VMSA-2012-0014.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4897
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5050
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5051
[5] More information about CVSS is available at: http://www.first.org/cvss/cvss-guide.html
[6] https://my.vmware.com/web/vmware/downloads

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html