VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues

Nessus Plugin ID 99102 (severity: high)

Synopsis

The remote VMware ESXi host is missing one or more security-related patches.

Description

a. ESXi, Workstation, Fusion SVGA memory corruption

ESXi, Workstation, and Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host.

VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.

Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902.

b. ESXi, Workstation, Fusion XHCI uninitialized memory usage

The ESXi, Workstation, and Fusion XHCI controller has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

VMware would like to thank ZDI and Team Sniper from Tencent Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.

c. ESXi, Workstation, Fusion uninitialized memory usage

ESXi, Workstation, and Fusion have uninitialized memory usage. This issue may lead to an information leak.

VMware would like to thank ZDI and Team Sniper from Tencent Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2017/000373.html

Plugin Details

Severity: High

ID: 99102

File Name: vmware_VMSA-2017-0006.nasl

Version: 3.19

Type: local

Published: 3/30/2017

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:6.0, cpe:/o:vmware:esxi:6.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2017

Reference Information

CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905

VMSA: 2017-0006