SANS ISC: Internet Security | DShield

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution.  Here are the two vulnerabilities:

1.  VMWare Descheduled Time Accounting driver:

The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable versions.   This driver is an optional (non-
default) part of the VMware Tools installation.  However, if the following conditions are met and their tools are not upgraded, virtual machines that are migrated from vulnerable releases are still vulnerable if the following three conditions exist:

- The virtual machine is running a Windows operating system.

- The VMware Descheduled Time Accounting driver is installed
in the virtual machine.

- The VMware Descheduled Time Accounting Service is not running
in the virtual machine
 

2.  libpng package for the ESX 2.5.5 Service Console

The libpng package is used for creating and manipulating PNG (Portable Network Graphics) image format files.  A crafted PNG file loaded by an application and linked against libpng could cause the application to crash or to allow arbitrary code execution that would run with the priveleges of the user that is using the application. 

Another flaw addresses PNG images that contain "unknown" chunks.  If an application linked against libpng
attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.