====================================================================
                          CERT-Renater

               Information Note No. 2019/VULN049
_____________________________________________________________________

DATE                 : 18/02/2019

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running VMware Integrated OpenStack with
                       Kubernetes (VIO-K), VMware PKS (PKS), VMware vCloud
                       Director Container Service Extension (CSE),
                       vSphere Integrated Containers (VIC).

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
_____________________________________________________________________

VMSA-2019-0001.1

VMware product updates resolve mishandled file descriptor vulnerability
in runc container runtime.

VMware Security Advisory

Advisory ID: VMSA-2019-0001.1
Severity:    Important
Synopsis:    VMware product updates resolve mishandled file descriptor
             vulnerability in runc container runtime.
Issue date:  2019-02-15
Updated on:  2019-02-15
CVE numbers: CVE-2019-5736

1. Summary

VMware product updates resolve mishandled file descriptor vulnerability
in runc container runtime.

2. Relevant Products

- VMware Integrated OpenStack with Kubernetes (VIO-K)
- VMware PKS (PKS)
- VMware vCloud Director Container Service Extension (CSE)
- vSphere Integrated Containers (VIC)

3. Problem Description

VMware product updates resolve mishandled file descriptor vulnerability
in runc container runtime. Successful exploitation of this issue may
allow a malicious container to overwrite the contents of a host's runc
binary and execute arbitrary code. Exploitation of this vulnerability
requires the attacker to have existing permission to deploy containers
or run docker exec. Alternatively, an attacker could trick a user with
these permissions into deploying a malicious container or running
docker exec for them.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2019-5736 to this issue.

Column 5 of the following table lists the action required to remediate
the vulnerability in each release, if a solution is available.

+-----------+-----------+-------+---------+------------------+----------------+
| VMware    | Product   |Running|Severity | Replace_with/    | Mitigation/    |
| Product   | Version   | On    |         | Apply_Patch      | Workaround     |
+-----------+-----------+-------+---------+------------------+----------------+
|VIO-K      |5.x        |Any    |Important|Patch Pending     |None            |
+-----------+-----------+-------+---------+------------------+----------------+
|PKS        |1.3.x      |Any    |Important|1.3.2             |None            |
+-----------+-----------+-------+---------+------------------+----------------+
|PKS        |1.2.x      |Any    |Important|1.2.9             |None            |
+-----------+-----------+-------+---------+------------------+----------------+
|CSE        |1.x        |Any    |Important|1.2.7             |None            |
+-----------+-----------+-------+---------+------------------+----------------+
|VIC        |1.x        |Any    |Important|Patch Pending     |None            |
+-----------+-----------+-------+---------+------------------+----------------+

4. Solution

Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.

VMware PKS 1.3.2
Downloads:
https://network.pivotal.io/products/pivotal-container-service/#/releases/302001
Documentation:
https://docs.vmware.com/en/VMware-Pivotal-Container-Service/1.3/rn/VMware-PKS-13-Release-Notes.html

VMware PKS 1.2.9
Downloads:
https://network.pivotal.io/products/pivotal-container-service/#/releases/301903
Documentation:
https://docs.vmware.com/en/VMware-Pivotal-Container-Service/1.2/rn/VMware-PKS-12-Release-Notes.html

VMware vCloud Director Container Service Extension 1.2.7
Downloads:
https://pypi.org/project/container-service-extension/1.2.7/
Documentation:
https://vmware.github.io/container-service-extension/RELEASE_NOTES.html

5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
https://pivotal.io/security/cve-2019-5736

6. Change log

2019-02-15: VMSA-2019-0001
Initial security advisory following the release of VMware PKS 1.3.2 and
1.2.9 on 2019-02-13.

2019-02-15: VMSA-2019-0001.1
Updated security advisory in conjunction with the release of VMware
vCloud Director Container Service Extension 1.2.7 on 2019-02-15.

7. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2019 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================