
VMware Fixes Critical Vulnerabilities in ESXi, Workstation and Fusion


#1 Scorpion


    Advanced Member

  • Administrators
  • 96 posts
  • Location: ScorpionsMaze

Posted 29 March 2019 - 05:37 PM

VMware released multiple updates today to address five critical severity vulnerabilities in the VMware vSphere ESXi, VMware Workstation Pro / Player, and VMware Fusion Pro / Fusion, two of which were used in their demos by Fluoroacetate during the Pwn2Own 2019 Security Contest.

The first two impact VMware ESXi, Workstation, and Fusion, and were reported by the Fluoroacetate team (Amat Cama and Richard Zhu) after the first and second day of this year's Pwn2Own Security Contest.

Fixed vulnerabilities could lead to code execution and DoS attacks

More exactly, they used an out-of-bounds read/write vulnerability (now tracked as CVE-2019-5518) and a Time-of-check Time-of-use (TOCTOU) vulnerability impacting the virtual USB 1.1 UHCI (Universal Host Controller Interface) (tracked as CVE-2019-5519) to successfully execute code on the host from the guest.

Another critical severity out-of-bounds write vulnerability, reported by Zhangyanyu of Chaitin Tech in the e1000 virtual network adapter (CVE-2019-5524), impacts VMware Workstation and Fusion and may enable a guest to execute code on the host OS.

VMware Workstation and Fusion were also found to be vulnerable to an important severity "out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters" reported by ZhanluLab (tracked as CVE-2019-5515), leading "to code execution on the host from the guest but it is more likely to result in a denial of service of the guest."

A security issue caused by unauthenticated APIs accessible via a web socket was found in VMware Fusion, a flaw that would allow potential attackers to trick a host user into running JavaScript code to "perform unauthorized functions on the guest machine where VMware Tools is installed," leading to code execution on guest machines.

Software updates available for all vulnerable versions

According to VMware's VMSA-2019-0005 security advisory, this last issue was reported by CodeColorist and Csaba Fitzl, and it is currently being tracked as CVE-2019-5514.

To address all these critical and important severity vulnerabilities, VMware has released patches for ESXi 6.0.0, 6.5.0, and 6.7.0, and the VMware Workstation 15.0.4 & 14.1.7 (Pro and Player) and Fusion 11.0.3 & 10.1.6 software updates.

VMware also released a security advisory detailing a critical severity Remote Session Hijack vulnerability impacting VMware vCloud Director for Service Providers (vCD) version 9.5.x.

This security issue is tracked as CVE-2019-5523, was fixed in the vCD release, and it was reported by Tyler Flaagan, Eric Holm, Andrew Kramer, and Logan Stratton of Dakota State University.
