Bug in GSX Server?

Help with problems installing or using VMware GSX Server and VMware Server 1.


Post by itst » 31.10.2003, 18:06

Just came in via Bugtraq:

Author: Darryl Swofford
Email: dswofford@kpmg.com

Date: 2003/10/31

System:
VMware GSX Server 2.0.1 build-2129 for Windows (other versions not tested). Tested on Windows NT/2000/2003/XP systems.

Description:
After reviewing Bugtraq #5294 (VMWare GSX Server Authentication Server Buffer Overflow Vulnerability) I was able to modify the sample code to exploit the updated vmware-authd service.

I will not release the source code as I feel this is not prudent until the vendor acknowledges the issue. Until then you can view the overflow by using telnet with the following syntax and simply alter the code as I did.


>>telnet VMserver.somecompany.com 902
>> 220 VMware Authentication Daemon Version 1.00

AAAAAAAAAAAAAAAAAAAAAAAAAAAAA[many, many A's]599 vmware-authd
PANIC: Buffer overflow in VMAuthdSocketRead()
>
Connection to host lost.


Analysis:
It seems that the vmware-authd service limits the input strings of the program when passed correct arguments (USER, PASS, GLOBAL); however the initial readline can be overflowed as it does not control the amount of data passed to it.

Remedy:
Stop and disable the VMware authorization service.
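
The analysis in the advisory above attributes the crash to an initial line read with no length limit. As an added illustration (not code from the advisory, from VMware, or from the forum posts), here is a line reader for a text protocol that enforces a cap and rejects overlong input instead of copying it. The 256-byte limit and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define LINE_MAX_LEN 256   /* assumed protocol limit, not a VMware value */

/* Read one '\n'-terminated line from fd into buf (capacity cap).
 * Returns the line length with CR/LF stripped, -1 if the peer sent more
 * than cap-1 bytes without a newline, -2 on EOF or read error. */
static long read_line_bounded(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    char c;
    if (cap == 0)
        return -1;
    for (;;) {
        if (read(fd, &c, 1) <= 0)
            return -2;
        if (c == '\n')
            break;
        if (n + 1 >= cap)   /* no room for this byte plus the NUL */
            return -1;      /* reject; the caller drops the connection */
        buf[n++] = c;
    }
    if (n > 0 && buf[n - 1] == '\r')
        n--;
    buf[n] = '\0';
    return (long)n;
}

/* Constructed harness: push data through a pipe, then read one line. */
static long feed_and_read(const char *data, size_t len, char *out, size_t cap)
{
    int p[2];
    if (pipe(p) != 0)
        return -2;
    ssize_t w = write(p[1], data, len);
    close(p[1]);
    long r = (w == (ssize_t)len) ? read_line_bounded(p[0], out, cap) : -2;
    close(p[0]);
    return r;
}

int main(void)
{
    char line[LINE_MAX_LEN], big[4096];
    memset(big, 'A', sizeof big);   /* constructed oversized input */
    printf("normal:   %ld\n", feed_and_read("USER alice\r\n", 12, line, sizeof line));
    printf("overlong: %ld\n", feed_and_read(big, sizeof big, line, sizeof line));
    return 0;
}
```

The overlong case returns -1 after 255 stored bytes, so the first read of a session gets the same limit as every later command.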




Post by yggdrasil » 31.10.2003, 19:31

Well, it would be interesting to know to what extent this affects the current 2.5.1... I could almost give it a test...

edit
Tested it briefly, I only got the prompt to log in with USER and PASS, no buffer overflow.
/edit


Post by itst » 31.10.2003, 20:45

Here is the first response from VMware:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Description
- -----------

These VMware server products use a version of OpenSSL for securing remote
management connections that has known vulnerabilities that can expose
systems to denial of service attacks:

- VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336 and
earlier
- VMware ESX Server 2.0 build 5257 and earlier
- VMware ESX Server 1.5.2 (all versions)


Details/Impact
- --------------

Certain ASN.1 encodings and tag values can cause stack corruption and out
of bounds reads in OpenSSL that can be exploited in denial of service
attacks. For details, see

www.openssl.org/news/secadv_20030930.txt
cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336,
VMware ESX Server 2.0 build 5257 and ESX Server 1.5.2 (all versions)
install OpenSSL version 0.9.7b as part of the Management Interface,
Remote Console, and Scripting API packages. OpenSSL version 0.9.7b is
subject to the above vulnerabilities.


Resolutions
- -----------

VMware has made OpenSSL patches available to correct the reported
vulnerabilities. These patches update GSX Server and ESX Server systems
and remote console clients with OpenSSL version 0.9.7c.

VMware strongly urges GSX Server and ESX Server customers to apply the
OpenSSL patches as soon as possible.

GSX Server patch installation instructions are at:
http://www.vmware.com/support/kb/enduse ... faqid=1164

ESX Server patch installation instructions are at:
http://www.vmware.com/support/kb/enduse ... faqid=1167


- ------------------
This document is clear signed with PGP.

VMware has the PGP public key available at

http://www.vmware.com/support/kb/enduse ... faqid=1039

Some mail programs cause changes to mail messages and content, which may result
in an indication that the PGP signature for this message is not valid. This
may also occur if this message is forwarded through another email distribution
list that changes the "From" field. Please try to save the message into a file
and then running PGP on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQE/oqbVLsZLrftG15MRAmQDAJwNXNs2ETQY6iKTF5rsm0WtvDq5AQCgsxhB
fy2fFZbfBWrOgS3LmMi5/gE=
=ived
-----END PGP SIGNATURE-----


So the affected versions are
- VMware GSX Server 2.5.1 (for Windows and Linux systems) build 5336 and
earlier
- VMware ESX Server 2.0 build 5257 and earlier
- VMware ESX Server 1.5.2 (all versions)


Post by yggdrasil » 01.11.2003, 13:11

Ooh, now I got it to happen on my system too, just keep holding down A until the message appears.
(I have not installed Patch1, so still build 4968)

