[Security-announce] NEW - VMSA-2017-0017 VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2017-0017
Severity: Moderate
Synopsis: VMware vCenter Server update resolves LDAP DoS, SSRF
and CRLF injection issues
Issue date: 2017-11-09
Updated on: 2017-11-09 (Initial Advisory)
CVE number: CVE-2017-4927, CVE-2017-4928
- ------------------------------------------------------------------------

1. Summary

VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF
injection issues

2. Relevant Products

VMware vCenter Server

3. Problem Description

a. VMware vCenter Server LDAP Denial of Service (DoS)

VMware vCenter Server does not correctly handle specially crafted
LDAP network packets, which may allow for a remote DoS.

VMware would like to thank Honggang Ren of Fortinet's FortiGuard
Labs for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4927 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware          Product  Running            Replace with/   Mitigation
Product         Version  on       Severity  Apply patch     Workaround
==============  =======  =======  ========  ==============  ==========
vCenter Server  6.5      Any      Moderate  6.5 U1          None
vCenter Server  6.0      Any      Moderate  6.0 U3c         None
vCenter Server  5.5      Any      N/A       Not affected    N/A

b. SSRF and CRLF injection issues in the vSphere Web Client

The Flash-based vSphere Web Client (i.e. not the new HTML5-based
vSphere Client) contains server-side request forgery (SSRF) and CRLF
injection issues due to improper neutralization of URLs. An attacker
may exploit these issues by sending a POST request with modified
headers towards internal services, leading to information disclosure.

VMware would like to thank ricterzheng @ Tencent Yunding Lab for
reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4928 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware          Product  Running            Replace with/   Mitigation
Product         Version  on       Severity  Apply patch     Workaround
==============  =======  =======  ========  ==============  ==========
vCenter Server  6.5      Any      N/A       Not affected    N/A
vCenter Server  6.0      Any      Moderate  6.0 U3c         None
vCenter Server  5.5      Any      Moderate  5.5 U3f         None
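The two bug classes named in 3b, shown as an added example in Python that is not VMware's code and does not reproduce the vSphere Web Client's own request handling: a hypothetical server-side fetcher that serialises a POST toward a backend, first in a naive form where a caller-supplied header value carrying CR LF becomes an extra header line (CRLF injection) and the URL can point at any internal service (SSRF), then in a hardened form that rejects control characters in header names and values and restricts outbound URLs to http(s) on an allow-listed host, refusing userinfo tricks and literal loopback, private and link-local addresses. ALLOWED_HOSTS, the host names, paths and the crafted header value are all constructed for the example; nothing here touches the network.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed for this example: hosts the hypothetical server-side fetcher may reach.
ALLOWED_HOSTS = {"vcenter.example.internal"}

_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 header-name token


class RequestRejected(ValueError):
    """Raised by the hardened builder when caller-supplied input fails validation."""


def _serialise(url: str, header_name: str, header_value: str, body: bytes) -> bytes:
    """Serialise a minimal HTTP/1.1 POST. Shared by both builders; it does no
    validation itself, so it is exactly as safe as what it is handed."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    head = "\r\n".join([
        f"POST {target} HTTP/1.1",
        f"Host: {parts.netloc}",
        f"{header_name}: {header_value}",
        f"Content-Length: {len(body)}",
        "", "",
    ])
    return head.encode("latin-1") + body


def build_request_naive(url, header_name, header_value, body=b""):
    """Vulnerable pattern: the caller's URL and header land in the request untouched,
    so a value containing CR LF becomes an extra header line and the URL may point
    at any internal service."""
    return _serialise(url, header_name, header_value, body)


def neutralize_header(name: str, value: str) -> None:
    """Reject, rather than silently strip, anything that can end a header line."""
    if not _TOKEN.match(name):
        raise RequestRejected(f"bad header name {name!r}")
    for c in value:
        if (ord(c) < 0x20 and c != "\t") or c == "\x7f":
            raise RequestRejected("control character in header value")


def validate_outbound_url(url: str) -> None:
    """Allow only http(s) to an allow-listed host, refuse userinfo tricks, and refuse
    literal loopback/private/link-local addresses (the usual SSRF targets)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise RequestRejected(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise RequestRejected("userinfo in URL")  # http://allowed.host@evil/ style
    host = parts.hostname  # urlsplit lower-cases this
    if not host:
        raise RequestRejected("missing host")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a name, not a literal address
    if ip is not None and (ip.is_loopback or ip.is_private or ip.is_link_local
                           or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
        raise RequestRejected(f"{ip} is not a permitted outbound target")
    if host not in ALLOWED_HOSTS:
        raise RequestRejected(f"host {host!r} not in allow-list")
    # Caveat: names are not resolved here. A real fetcher must also check the address
    # it actually connects to, or DNS rebinding bypasses the literal-address checks.


def build_request_hardened(url, header_name, header_value, body=b""):
    """Same serialisation as the naive builder, behind the two checks above."""
    validate_outbound_url(url)
    neutralize_header(header_name, header_value)
    return _serialise(url, header_name, header_value, body)


def header_names(raw: bytes) -> list:
    """Header names as a receiving server would parse them from the serialised
    request; a name the caller never intended to send means injection worked."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1")
            for line in head.split(b"\r\n")[1:]]  # [1:] drops the request line


def rejected(fn, *args) -> bool:
    """True when the hardened path refuses the input."""
    try:
        fn(*args)
    except RequestRejected:
        return True
    return False


if __name__ == "__main__":
    url = "http://vcenter.example.internal/ui/proxy"
    crafted = "1\r\nX-Forwarded-For: 127.0.0.1"  # constructed CRLF payload
    print(header_names(build_request_naive(url, "X-Request-Id", crafted)))
    print(rejected(build_request_hardened, url, "X-Request-Id", crafted))
    print(rejected(validate_outbound_url, "http://169.254.169.254/latest/meta-data/"))
```

The naive builder turns the crafted value into a fourth header, X-Forwarded-For, that the backend will trust as if the proxy had set it; the hardened builder refuses the same input. Rejecting rather than stripping CR LF is deliberate: stripping invites encoding games (lone CR, %0d%0a decoded later), while a hard failure is easy to log and alert on. The allow-list check on the host is what actually closes the SSRF; the literal-address checks are defence in depth, and as the comment notes they do nothing against DNS rebinding unless the resolved address is re-checked at connect time.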

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware vCenter Server 6.5 U1
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC65U1&productId=614&rPId=17343
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html

VMware vCenter Server 6.0 U3c
Downloads:

https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VC60U3
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html

VMware vCenter Server 5.5 U3f
Downloads:

https://my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U3F
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4928

- ------------------------------------------------------------------------

6. Change log

2017-11-09 VMSA-2017-0017
Initial security advisory in conjunction with the release of VMware
vCenter Server 6.0 U3c on 2017-11-09.

- ------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC
Copyright 2017 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFaBSnMDEcm8Vbi9kMRAsGQAJ0a05xrEK+w7wk6FIY/FoiXvqBgJQCg05y5
QZIQyf2fN70pcVDxOyJ5kkM=
=hrk0
-----END PGP SIGNATURE-----
