exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2018-0019

VMware Security Advisory 2018-0019
Posted Aug 7, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.

tags | advisory
systems | windows
advisories | CVE-2018-6970
SHA-256 | 385a32a354e5763da083e0319e829987289cae6c6cdc57abfeeb881a4c54f160
Download | Favorite | View

VMware Security Advisory 2018-0019

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0019
Severity:    Important
Synopsis:    Horizon 6, 7, and Horizon Client for Windows updates
             address an out-of-bounds read vulnerability
Issue date:  2018-08-07
Updated on:  2018-08-07 (Initial Advisory)
CVE number:  CVE-2018-6970


1. Summary

   Horizon 6, 7, and Horizon Client for Windows updates address an
   out-of-bounds read vulnerability

2. Relevant Releases

   VMware Horizon 6
   VMware Horizon 7
   VMware Horizon Client for Windows

3. Problem Description

   Horizon 6, 7, and Horizon Client for Windows contain an out-of-
   bounds read vulnerability in the Message Framework library.
   Successfully exploiting this issue may allow a less-privileged user
   to leak information from a privileged process running on a system
   where Horizon Connection Server, Horizon Agent or Horizon Client are
   installed.

   Note: This issue doesnt apply to Horizon 6, 7 Agents installed on
   Linux systems or Horizon Clients installed on non-Windows systems.

   VMware would like to thank Steven Seeley (mr_me) of Source Incite
   working with Trend Micro's Zero Day Initiative for reporting this
   issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6970 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware        Product Running           Replace with/    Mitigation/
   Product       Version on      Severity  Apply patch      Workaround
   ===========   ======= ======= ========= =============    ==========
   Horizon 7      7.x.x  Windows Important     7.5.1           None
   Horizon 6      6.x.x  Windows Important     6.2.7           None
   Horizon Client 4.x.x  Windows Important     4.8.1           None
   for Windows    & prior

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Horizon 7 version 7.5.1
   Downloads and Documentation:
   https://my.vmware.com/en/web/vmware/info/slug/
   desktop_end_user_computing/vmware_horizon/7_5

   VMware Horizon 6 version 6.2.7
   Downloads and Documentation:
   https://my.vmware.com/group/vmware/info?slug=
   desktop_end_user_computing/vmware_horizon/6_2

   VMware Horizon Client for Windows 4.8.1
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/details?productId=
   578&downloadGroup=CART19FQ2_WIN_4_8_1


5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6970
- -----------------------------------------------------------------------

6. Change log

   2018-08-07 VMSA-2018-0019
   Initial security advisory in conjunction with the release of VMware
   Horizon 6 version 6.2.7 and Horizon Client 4.8.1 on 2018-08-07
- -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce at lists.vmware.com
     bugtraq at securityfocus.com
     fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFbagjVDEcm8Vbi9kMRAqkDAJ0amQwAS/4/EaV+vGVSk1Ape1e1pQCg8BYa
+gHvsQNiDQvJ825BxU16ayE=
=b2UO
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close