HackDig : Dig high-quality web security articles for hackers

NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability

2016-10-07 08:40
?-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0015
Severity: Important
Synopsis: VMware Horizon View updates address directory traversal
vulnerability
Issue date: 2016-10-06
Updated on: 2016-10-06 (Initial Advisory)
CVE number: CVE-2016-7087

1. Summary

VMware Horizon View updates address directory traversal vulnerability.

2. Relevant Products

VMware Horizon View

3. Problem Description

VMware Horizon View updates address directory traversal vulnerability

VMware Horizon View contains a vulnerability that may allow for a directory
traversal on the Horizon View Connection Server. Exploitation of this issue
may lead to a partial information disclosure.

VMware would like to thank Mike Arnold (Bruk0ut) working with Trend Micro's
Zero Day Initiative for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-7087 to this issue.

Column 5 of the following table lists the action required to remediate the
vulnerability in each release, if a solution is available.

VMware Product Running Replace with/
Product Version on Severity Apply Patch Workaround
=================== ======= ======= ========= ============= ==========
VMware Horizon View 7.x Windows Important 7.0.1 None
VMware Horizon View 6.x Windows Important 6.2.3 None
VMware Horizon View 5.x Windows Important 5.3.7 None

4. Solution

Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.

VMware Horizon View 7.0.1
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_0

VMware Horizon View 6.2.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2

VMware Horizon View 5.3.7
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_with_view/5_3

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087

- ------------------------------------------------------------------------

6. Change log

2016-10-06 VMSA-2016-0015 Initial security advisory in conjunction with the
release of VMware Horizon View 5.3.7 on 2016-10-06.

- ------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC

Copyright 2016 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iEYEARECAAYFAlf2r08ACgkQDEcm8Vbi9kOESACg4jzeuOyzRC9d003QAQvWcqsx
XZ4Amwb1CE+JmZUM/LSl2uBxZQdxEauK
=G7kh
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 52/tcO/6102/erusolcsidlluf/gro.stsilces

Read:4717 | Comments:0 | Tags: Vulnerability

“NEW VMSA-2016-0015 - VMware Horizon View updates address directory traversal vulnerability”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud