=====================================================================
CERT-Renater Information Note No. 2006/VULN295
_____________________________________________________________________

DATE                 : 05/06/2006
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running VMware Server prior to RC-1.
======================================================================

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:     VMSA-2006-0002
Synopsis:        VMware Server sensitive information lifetime issue
Advisory URL:    http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124
Issue date:      2006-06-01
Updated on:      2006-06-01
CVE Name:        CVE-2006-2662
Bugzilla Number: pr98108
- -------------------------------------------------------------------

1. Summary:

   VMware Server doesn't limit the lifetime of sensitive data.

   VMware has rated the severity of this issue as a Priority 3 issue
   according to VMware's Security Response Policy.

2. Relevant release:

   VMware Server prior to RC-1.

3. Problem description:

   When a console connection is made using VMware Server, user
   credentials are kept in memory. In order for the attacker to obtain
   information, they must have local access to the system and read
   access to the memory, or access to memory crash information. This
   is only a danger if the attacker already has privileged access to
   your system.

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the name CVE-2006-2662 to this issue.

4. Solution:

   Upgrade to the latest packages:
   http://www.vmware.com/download/server/

7. References:

   The VMware Server product page at:
   http://www.vmware.com/products/server/

   Understanding Data Lifetime via Whole System Simulation at:
   http://www.stanford.edu/~blp/papers/taint.pdf

8. Acknowledgments

   VMware would like to thank Bart Vanautgaerden for reporting this
   issue.

9. Contact:

   http://www.vmware.com/security

   The VMware Security Response Policy
   http://www.vmware.com/support/policies/security_response.html

   Copyright 2006 VMware Inc. All rights reserved.
======================================================================

=========================================================
The CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER         | tel  : 01-53-94-20-44    +
+ 151 bd de l'Hopital  | fax  : 01-53-94-20-41    +
+ 75013 Paris          | email: certsvp@renater.fr +
=========================================================
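The class of defect in section 3 is a data-lifetime problem: a credential copied into process memory and never scrubbed stays readable to anyone who can read that memory or a crash dump. The following C example, added here and not part of the advisory or of VMware's code, shows the mitigation pattern of bounding a secret's lifetime by wiping the buffer as soon as it has been checked; console_login, login_and_audit, EXPECTED_PASSWORD and the buffer layout are constructed assumptions.

```c
#include <stddef.h>
#include <string.h>

#define PASSWORD_MAX 64

/* Constructed sample credential standing in for a real verifier. */
static const char EXPECTED_PASSWORD[] = "constructed-sample-secret";

/* Scrub a secret buffer so the compiler cannot drop the store as dead
 * (a plain memset() right before a buffer goes out of scope often is). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero, i.e. no credential residue. */
int buffer_is_clean(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Hypothetical console login: copies the password into the working
 * buffer, checks it, then bounds the secret's lifetime by wiping the
 * buffer before returning, whether or not the check succeeded. */
int console_login(const char *password, unsigned char *work, size_t work_len)
{
    size_t len = strlen(password);
    if (len >= work_len) {
        return 0; /* too long: reject before any copy is made */
    }
    memcpy(work, password, len + 1);
    int ok = (strcmp((const char *)work, EXPECTED_PASSWORD) == 0);
    secure_zero(work, work_len);
    return ok;
}

/* One attempt against a pre-filled buffer; returns bit 0 = accepted,
 * bit 1 = buffer scrubbed afterwards, so 3 is the desired outcome. */
int login_and_audit(const char *password)
{
    unsigned char work[PASSWORD_MAX];
    memset(work, 0xAA, sizeof work); /* non-zero fill makes the audit meaningful */
    int ok = console_login(password, work, sizeof work);
    int clean = buffer_is_clean(work, sizeof work);
    return (clean << 1) | ok;
}
```

The caller's own copy of the password (here a string literal) is a second lifetime to manage; the same secure_zero treatment applies to any buffer the credential passed through.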