-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0047

Title: Multiple vulnerabilities in VMWare ESX [1]

Version history:
30.03.2012 Initial publication

Summary
=======
VMware ESXi and ESX address several security issues:
- - VMware ROM Overwrite Privilege Escalation
- - ESX third party update for Service Console kernel
- - ESX third party update for Service Console krb5 RPM

These vulnerabilities may lead to unauthorised access to the targeted
Virtual Machines or cause a denial of service.

CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862

Vulnerable systems
==================
ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG


ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG

Original Details
================
*CVE-2012-1515
VMware ROM Overwrite Privilege Escalation

A flaw in the way port-based I/O is handled allows for modifying
Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation
of this issue may lead to privilege escalation on Guest Operating
Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003
32-bit or Windows Server 2003 R2 32-bit.

*CVE-2011-2482, CVE-2011-3191 and CVE-2011-4348
ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to
kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the
COS kernel.

*CVE-2011-4862
ESX third party update for Service Console krb5 RPM

This patch updates the krb5-libs and krb5-workstation RPMs to version
1.6.1-63.el5_7 to resolve a security issue.

By default, the affected krb5-telnet and ekrb5-telnet services do not
run. The krb5 telnet daemon is an xinetd service. You can run the
following commands to check if krb5 telnetd is enabled:

    /sbin/chkconfig --list krb5-telnet
    /sbin/chkconfig --list ekrb5-telnet

Work-around:
You can run the following commands to disable krb5 telnet daemon:

    /sbin/chkconfig krb5-telnet off
    /sbin/chkconfig ekrb5-telnet off

What can you do?
================
Fix is available [1].


What to tell your users?
========================
N/A

More information
================
[1] http://www.vmware.com/security/advisories/VMSA-2012-0006.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1515
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4348
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
[7] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in
its setup phase, until May 2012. Services are provided in a pilot
fashion, and are not yet fully functional. Announcements, alerts and
warnings are sent out in best  effort manner, and to contact information
currently known to us. We apologise if you are not the correct
recipient, or if you had already been warned about this issue from
another source . Format, content and way of alerting are subject  to
change in the future. Contact information or even the team name may
change as well.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPdboCAAoJEPpzpNLI8SVoMR4P/RVVt4meu0Yl8H10/ATFIBzA
pUPFVJvf40exZ+F9INY+z+iiJ+2V4CdfQj7tIuIaZElR/ux0flKV7jAgc7euU4Ei
FGv9zP4YuRxJJXs58QrjaumCBbsz0rrf14eDOg8STFY3Z+m/kaa358380zfiSC0p
T3knAdqNX093F4RwZUKXgEUOXPCuVkkOc1er+IzBEugTVVsDG82b607oBy1dk0vJ
YhNMIAxEYxr+9i2TMxw75nt3OwctwFNXC8Fd8oJY1WSPZqhEh7CxpR34z07HpkSH
NHY27W5V8NHpJ+YjIxoN5h2HrtStgInub0t098g93GqIQY6uOL6PDZOC/sVKlE1Q
eDTVaIrY4UqA2WnFSr8k77Ff7hiiXoLA1CmUKEKrR1jNgJhdxjHqWemyikBZPSQm
J2LYuX1YOeIJjPqoWjk8zvrBoFFBPg+DQXhBIGPjWJCQ4XCYEiRBJtHo20i+FwGK
sMl3ULDtqQZGqSOgE+mTekkxWg0PU1zsGohW3xV7nQSXUcR7ASAVZz7g13MDwAFE
POUIQA0wEtNvuA/Jkf5Ws3mFw/Pr196RbKqitg51KU6PDRDg7D199y5Z3XoYB1zb
ve2DxAg4S2Vbu9FjA7kWPajQvBUNvzl4lVfAynLsetotRjxVrzw8pU7a3llcpU1S
j8eYPH0jEeq3VxH8w+vy
=glQ6
-----END PGP SIGNATURE-----