Security Experts:

Privilege Escalation, DoS Vulnerabilities Fixed in VMware Products

VMware has released security updates that address several vulnerabilities in vCenter Server, ESXi, Workstation, Player, and Fusion.

VMware ESXi, Workstation, Player and Fusion are plagued by an arbitrary file write flaw that can be exploited for privilege escalation on the host, VMware said in an advisory published on Tuesday. The security hole (CVE-2014-8370) was reported by Shanon Olsson through Japan’s national Computer Security Incident Response Team (CSIRT).

VMware fixes vulnerabilities

“The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System,” VMware noted.

The second issue fixed by the company is a denial-of-service (DoS) vulnerability affecting Workstation, Player, and Fusion. The flaw (CVE-2015-1043), reported by Peter Kamensky from Digital Security, is caused by an input validation issue in the Host Guest File System (HGFS).

A different input validation vulnerability (CVE-2015-1044) that could lead to a DoS on the host affects ESXi, Workstation, and Player. ESXi and Workstation running on Linux are only partially impacted. The bug was reported by Dmitry Yudin through HP’s Zero Day Initiative (ZDI).

VMware has also updated the OpenSSL library in vCenter Server and ESXi

to versions 1.0.1j and 0.9.8zc. The update addresses several vulnerabilities fixed by OpenSSL in mid-October 2014, including the SSL 3.0 flaw known as POODLE.

Finally, the company has updated the libxml2 library in ESXi to version 2.7.6-17 in order to address a DoS flaw (CVE-2014-3660) disclosed last year in October.

“A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior,” reads a description of the vulnerability from RedHat.

The vulnerabilities fixed by VMware affect Workstation 10.x prior to version 10.0.5, Player 6.x prior to version 6.0.5, Fusion 7.x prior to version 7.0.1 and Fusion 6.x prior to version 6.0.5, and vCenter Server 5.5 prior to Update 2d. For ESXi 5.0, 5.1 and 5.5, the company released patches.

On Tuesday, VMware also updated an advisory released in early December. The advisory covers several vulnerabilities affecting the vSphere virtualization platform.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.