HighRealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, Proventia Network IPS, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier:
A malformed DHCP packet sent to a particular DHCP server results in an integer underflow on a value that is later used as a size to copy data. This results in a stack-based buffer overflow and ultimately remote code execution.
High
RealSecure Server Sensor: XPU 24.58, RealSecure Network: XPU 24.58, BlackICE PC Protection: 3.6cqd, BlackICE Server Protection: 3.6.cqd, Proventia Network IPS: XPU 1.97, Proventia Server IPS for Linux technology: 1.97, Proventia Desktop: 1980, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1980, Proventia Network MFS: XPU 1.97, Proventia-G 1.1 and earlier: XPU 24.58
Gentoo Linux, RedHat Enterprise Linux: 2.1 AS, RedHat Enterprise Linux: 2.1 ES, RedHat Linux Advanced Workstation: 2.1 Itanium, Canonical Ubuntu: 6.10, VMware ESX Server: 3.0.0, VMware Workstation: 5.5.1, Canonical Ubuntu: 6.06 LTS, VMware ESX Server: 3.0.1, Canonical Ubuntu: 7.04, VMware Workstation: 6.0, VMware ESX Server: 2.5.4, VMware ESX Server: 2.1.3, VMware Player: 1.0, VMware Player: 1.0.5_build_56455, VMware Player: 2.0.1_build_55017, VMware Server: 1.0.4_build_56528, VMware Workstation: 5.5, VMware Workstation: 5.5.3, VMware Workstation: 5.5.3_build_34685, VMware Workstation: 5.5.5_build_56455, VMware Workstation: 6.0.1_build_55017, VMware ESX Server: 2.0.2, VMware ACE: 1.0, VMware ACE: 1.0.3_build_54075, VMware ACE: 2.0.1_build_55017, VMware ESX Server: 2.5.3
Unauthorized Access Attempt
VMware Player, Workstation, Server, and ACE are vulnerable to a stack-based buffer overflow in the built-in Dynamic Host Configuration Protocol (DHCP) server caused by an integer underflow. By sending a malformed DHCP packet, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
For VMware Workstation 6.0.0:
Upgrade to the latest version of VMware Workstation (6.0.1 Build 55017 or later), available from the VMware Web site. See References.
For VMware Workstation 5.5.4:
Upgrade to the latest version of VMware Workstation (5.5.5 Build 56455 or later), available from the VMware Web site. See References.
For VMware Player 2.0.0:
Upgrade to the latest version of VMware Player (2.0.1 Build 55017 or later), available from the VMware Web site. See References.
For VMware Player 1.0.4:
Upgrade to the latest version of VMware Player (1.0.5 Build 56455 or later), available from the VMware Web site. See References.
For VMware Server 1.0.3:
Upgrade to the latest version of VMware Server (1.0.4 Build 56528 or later), available from the VMware Web site. See References.
For VMware ACE 2.0.0:
Upgrade to the latest version of VMware ACE (2.0.1 Build 55017 or later), available from the VMware Web site. See References.
For VMware ACE 1.0.3:
Upgrade to the latest version of VMware ACE (1.0.4 Build 54075 or later), available from the VMware Web site. See References.
For other distributions:
Apply the appropriate update for your system. See References.
VMware, Inc. Web site
VMware Workstation 6.0 Release Notes
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
VMware, Inc. Web site
Download VMware Workstation for multiple operating systems
http://www.vmware.com/download/ws/
IBM Internet Security Systems Protection Advisory, Sept. 19, 2007
VMWare DHCP Server Remote Code Execution Vulnerabilities
http://www.iss.net/threats/275.html
VMware, Inc. Web site
VMware Workstation Download Archive
http://www.vmware.com/download/ws/ws5.html
VMware, Inc. Web site
Download VMware ACE
http://www.vmware.com/download/ace/
VMware, Inc. Web site
Download VMware Player
http://www.vmware.com/download/player/
VMware, Inc. Web site
VMware Player 2.0 Release Notes
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
VMware, Inc. Web site
VMware ACE 2.0 Release Notes
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
VMware, Inc. Web site
Workstation 5.5 Release Notes
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
VMWare, Inc. Web site
VMware Player Release Notes
http://www.vmware.com/support/player/doc/releasenotes_player.html
Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0356.html
VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
http://lists.vmware.com/pipermail/security-announce/2007/000001.html
USN-543-1
linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities
http://www.ubuntu.com/usn/usn-543-1
GLSA 200711-23
VMware Workstation and Player: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200711-23.xml
ISS X-Force
Multiple VMware products DHCP server integer underflow
http://www.iss.net/security_center/static/33103.php
CVE
CVE-2007-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063