[Security-announce] NEW VMSA-2018-0001 vSphere Data Protection (VDP) updates address multiple security issues.

\n\n–===============0869112356781537259==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary=”_000_BY2PR0501MB1686B7E23791BE88DB60DAC4B9190BY2PR0501MB1686_”

–_000_BY2PR0501MB1686B7E23791BE88DB60DAC4B9190BY2PR0501MB1686_
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ————————————————————————

VMware Security Advisory

Advisory ID: VMSA-2018-0001
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address
multiple security issues.
Issue date: 2018-01-02
Updated on: 2018-01-02 (Initial Advisory)
CVE number: CVE-2017-15548, CVE-2017-15549, CVE-2017-15550

1. Summary

vSphere Data Protection (VDP) updates address
multiple security issues.

2. Relevant Products

vSphere Data Protection (VDP)

3. Problem Description

a. VDP authentication bypass vulnerability.

VDP contains an authentication bypass vulnerability.
A remote unauthenticated malicious user can potentially bypass
application authentication and gain unauthorized root access
to the affected systems.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-15548 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=
=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
VDP 6.1.x VA Critical 6.1.6 None
VDP 6.0.x VA Critical 6.0.7 None
VDP 5.x VA Critical 6.0.7 None

b. VDP arbitrary file upload vulnerability.

VDP contains a file upload vulnerability. A remote authenticated
malicious user with low privileges could potentially upload arbitrary
maliciously crafted files in any location on the server file system.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-15549 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=
=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
VDP 6.1.x VA Important 6.1.6 None
VDP 6.0.x VA Important 6.0.7 None
VDP 5.x VA Important 6.0.7 None

b. VDP path traversal vulnerability.

VDP contains a path traversal vulnerability. A remote authenticated
malicious user with low privileges could access arbitrary files on
the server file system in the context of the running vulnerable
application.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-15550 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=
=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
VDP 6.1.x VA Important 6.1.6 None
VDP 6.0.x VA Important 6.0.7 None
VDP 5.x VA Important 6.0.7 None

4. Solution

Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.

vSphere Data Protection 6.1.6
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=3D491
&downloadGroup=3DVDP616
https://www.vmware.com/support/pubs/vdr_pubs.html

vSphere Data Protection 6.0.7
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=3D491
&downloadGroup=3DVDP60_7
https://www.vmware.com/support/pubs/vdr_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15550

– ————————————————————————-

6. Change log

2018-01-02 VMSA-2018-0001
Initial security advisory in conjunction with the release of VMware
vSphere Data Protection 6.1.6 and 6.0.7 on 2018-01-02

– ————————————————————————-
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter

Copyright 2018 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFaS7o+DEcm8Vbi9kMRAvUQAKCks102uXDsEOT0AcYwuv0VL9TgCACg0NVl
zLtZQmtSWIS/9wS1zZto3AQ=3D
=3DfHg4
—–END PGP SIGNATURE—–

–_000_BY2PR0501MB1686B7E23791BE88DB60DAC4B9190BY2PR0501MB1686_
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ————————————————————————

            &nb=
sp;            =
      VMware Security Advisory

Advisory ID: VMSA-2018-0001
Severity:    Critical
Synopsis:    vSphere Data Protection (VDP) updates address
             mu=
ltiple security issues.
Issue date:  2018-01-02
Updated on:  2018-01-02 (Initial Advisory)
CVE number:  CVE-2017-15548, CVE-2017-15549, CVE-2017-15550

1. Summary

   vSphere Data Protection (VDP) updates address
   multiple security issues.

2. Relevant Products

   vSphere Data Protection (VDP)

3. Problem Description

   a. VDP authentication bypass vulnerability.
   
   VDP contains an authentication bypass vulnerability.
   A remote unauthenticated malicious user can potentially bypass=

   application authentication and gain unauthorized root access
   to the affected systems.
 
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-15548 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product   =
Running            =
Replace with/     Mitigation/
   Product     Version    on&n=
bsp;      Severity  Apply Patch  &n=
bsp;    Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D  =3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
   VDP         6.1.x&nbsp=
;     VA       Critical&n=
bsp; 6.1.6          &nbsp=
;  None
   VDP         6.0.x&nbsp=
;     VA       Critical&n=
bsp; 6.0.7          &nbsp=
;  None
   VDP         5.x &=
nbsp;      VA       =
Critical  6.0.7         &=
nbsp;   None
 
 
   b. VDP arbitrary file upload vulnerability.

   VDP contains a file upload vulnerability. A remote authenticat=
ed
   malicious user with low privileges could potentially upload ar=
bitrary
   maliciously crafted files in any location on the server file s=
ystem.
 
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-15549 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product   =
Running            =
Replace with/     Mitigation/
   Product     Version    on&n=
bsp;      Severity  Apply Patch  &n=
bsp;    Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D  =3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
   VDP         6.1.x&nbsp=
;     VA       Important =
6.1.6           &nbs=
p; None
   VDP         6.0.x&nbsp=
;     VA       Important =
6.0.7           &nbs=
p; None
   VDP         5.x &=
nbsp;    VA         =
Important 6.0.7          =
   None
 
 
   b. VDP path traversal vulnerability.

   VDP contains a path traversal vulnerability. A remote authenti=
cated
   malicious user with low privileges could access arbitrary file=
s on
   the server file system in the context of the running vulnerabl=
e
   application.

   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-15550 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product   =
Running            =
Replace with/     Mitigation/
   Product     Version    on&n=
bsp;      Severity  Apply Patch  &n=
bsp;    Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D  =3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
   VDP         6.1.x&nbsp=
;     VA       Important =
6.1.6           &nbs=
p; None
   VDP         6.0.x&nbsp=
;     VA       Important =
6.0.7           &nbs=
p; None
   VDP         5.x &=
nbsp;      VA       =
Important 6.0.7          =
   None
   
   
4. Solution

   Please review the patch/release notes for your product and ver=
sion and
   verify the checksum of your downloaded file.
 
   vSphere Data Protection 6.1.6
   Downloads and Documentation:
   https://my.vmware.com/group/vmware/details?productId=3D491
   &downloadGroup=3DVDP616
   https://www.vmware.com/support/pubs/vdr_pubs.html

   vSphere Data Protection 6.0.7
   Downloads and Documentation:
   https://my.vmware.com/group/vmware/details?productId=3D491
   &downloadGroup=3DVDP60_7
   https://www.vmware.com/support/pubs/vdr_pubs.html
   
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15548=

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15549=

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-15550=

     
– ————————————————————————-=

6. Change log

   2018-01-02 VMSA-2018-0001
   Initial security advisory in conjunction with the release of V=
Mware
   vSphere Data Protection 6.1.6 and 6.0.7 on 2018-01-02

– ————————————————————————-=

7. Contact

   E-mail list for product security notifications and announcemen=
ts:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-anno=
unce

   This Security Advisory is posted to the following lists:
   
     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html=

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
   
   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFaS7o+DEcm8Vbi9kMRAvUQAKCks102uXDsEOT0AcYwuv0VL9TgCACg0NVl
zLtZQmtSWIS/9wS1zZto3AQ=3D
=3DfHg4
—–END PGP SIGNATURE—–

–_000_BY2PR0501MB1686B7E23791BE88DB60DAC4B9190BY2PR0501MB1686_–

–===============0869112356781537259==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce

–===============0869112356781537259==–