VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues

Nessus Plugin ID 99102 (Severity: High)

Synopsis

The remote VMware ESXi host is missing one or more security-related patches.

Description

a. ESXi, Workstation, Fusion SVGA memory corruption

ESXi, Workstation, and Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host.

VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.

Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902.

b. ESXi, Workstation, Fusion XHCI uninitialized memory usage

The ESXi, Workstation, and Fusion XHCI controller has uninitialized memory usage. This issue may allow a guest to execute code on the host. On ESXi 5.5, the issue is reduced to a denial of service of the guest.

VMware would like to thank ZDI and Team Sniper from Tencent Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.

c. ESXi, Workstation, Fusion uninitialized memory usage

ESXi, Workstation, and Fusion have uninitialized memory usage. This issue may lead to an information leak.

VMware would like to thank ZDI and Team Sniper from Tencent Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2017/000373.html

Plugin Details

Severity: High

ID: 99102

File Name: vmware_VMSA-2017-0006.nasl

Version: 3.18

Type: local

Published: 2017/03/30

Updated: 2019/09/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:6.0, cpe:/o:vmware:esxi:6.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/03/28

Reference Information

CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905

VMSA: 2017-0006