VMware

This Question is Answered

1 "helpful" answer available (6 pts)
4 Replies Last post: Nov 5, 2009 5:53 AM by Texiwill  

2009-T-0024 Multiple Vulnerabilities in Linux Kernel posted: Nov 3, 2009 9:53 AM

Click to view bbengtson's profile Novice
bbengtson
5 posts since
Apr 6, 2009

I am trying to create a DISA STIG compliant 3.5 U4 ESX host and coming across this when running the SRR script against my test host. After trying to search online and through the vmware communities I do not see anything out there where this has been patched/mitigated by vmware.

This finding is listed as a category 1 and could possibly prevent us from getting a ATO ot IATO.

ESX version 3.5 update 4

Tags: disa, dod, stig, srr, security;

Re: 2009-T-0024 Multiple Vulnerabilities in Linux Kernel

1. Nov 3, 2009 11:51 AM in response to: bbengtson
Click to view bbengtson's profile Novice
bbengtson
5 posts since
Apr 6, 2009
The kernel for the console operating system is coming up as 2.4.21-58 which is a finding according to the UNIX SRR Checklist Document.

Affected versions

Linux Kernel 2.6.x prior to 2.6.30 -rc2

Linux Kernel 2.4.x prior to 2.4.37.1

CVE-2009-1265 is the listed vunerability

Re: 2009-T-0024 Multiple Vulnerabilities in Linux Kernel

2. Nov 4, 2009 9:51 AM in response to: bbengtson
Click to view Texiwill's profile Guru User Moderators vExpert
Texiwill
10,432 posts since
Jan 13, 2004
Hello,

Remember ESX is NOT LINUX, that is the kernel used for the service console not the kernel used for ESX (which is the vmkernel and the hypervisor). You may have to develop a compensating control as there is NO update for ESX's service console to move the kernel version past that and you can not really update the kernel using a standard RHEL kernel either. This is a RHEL3 U8 system.

This must be a new addition because the last time I ran the UNIX SRR against a 3.5 system that response was not there.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

Re: 2009-T-0024 Multiple Vulnerabilities in Linux Kernel

3. Nov 4, 2009 12:21 PM in response to: Texiwill
Click to view bbengtson's profile Novice
bbengtson
5 posts since
Apr 6, 2009

Along with the above post I also received this from vmware.

This issue did not affect the versions of Linux kernel as shipped with ESX as the affected driver is not included nor enabled in these kernels by default. The affected driver is enabled by default in off the shelf Red Hat Enterprise Linux 3. This issue has been rated as having low security impact as it does not lead to a denial of service or privilege escalation. As Red Hat Enterprise Linux 3 is now in Production 3 of its maintenance life-cycle, http://www.redhat.com/security/updates/errata, the fix for this issue is not currently planned to be included in the future updates.


Re: 2009-T-0024 Multiple Vulnerabilities in Linux Kernel

4. Nov 5, 2009 5:53 AM in response to: bbengtson
Click to view Texiwill's profile Guru User Moderators vExpert
Texiwill
10,432 posts since
Jan 13, 2004
Hello,

I would also push back on the UNIX SRR creators to check for the specific driver and not just the version of the kernel. Otherwise it will always be a false positive.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

Actions

VMware Beta Programs

Want to be Considered for Future Beta Programs?

Learn More

VMware Developer

Download SDKs, APIs, videos,
training, and more in the Developer community.

Learn More

Developer
Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld
Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

Only VMware ... Delivers Nexus 1000V

Ensure consistent, policy-based network capabilities to virtual machines across your data center.

Learn More

Communities