[Security-announce] NEW VMSA-2018-0029 vSphere Data Protection (VDP) updates address multiple security issues.


Content-Language: en-US

boundary=”_000_SN6PR05MB433555285F97BC815D5DD0CEB1D90SN6PR05MB4335namp_”

–_000_SN6PR05MB433555285F97BC815D5DD0CEB1D90SN6PR05MB4335namp_

Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

– – ———————————————————————–=

VMware Security Advisory

Advisory ID: VMSA-2018-0029

Severity: Critical

Synopsis: vSphere Data Protection (VDP) updates address

multiple security issues.

Issue date: 2018-11-20

Updated on: 2018-11-20 (Initial Advisory)

CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077

1. Summary

vSphere Data Protection (VDP) updates address

multiple security issues.

2. Relevant Products

vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar

Virtual Edition.

3. Problem Description

a. Remote code execution vulnerability.

VDP contains a remote code execution vulnerability. A remote

unauthenticated attacker could potentially exploit this

vulnerability to execute arbitrary commands on the server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11066 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

=
=

VDP 6.1.x VA Critical 6.1.10 None

VDP 6.0.x VA Critical 6.0.9 None

b. Open redirection vulnerability.

VDP contains an open redirection vulnerability. A remote unauthenticated

attacker could potentially exploit this vulnerability to redirect

application users to arbitrary web URLs by tricking the victim users to

click on maliciously crafted links. The vulnerability could be used to

conduct phishing attacks that cause users to unknowingly visit malicious

sites.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11067 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

=
=

VDP 6.1.x VA Important 6.1.10 None

VDP 6.0.x VA Important 6.0.9 None

c. Information exposure vulnerability.

VDP contains an information exposure vulnerability. VDP Java

management console’s SSL/TLS private key may be leaked in the VDP

Java management client package. The private key could potentially be

used by an unauthenticated attacker on the same data-link layer to

initiate a MITM attack on management console users.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11076 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

=
=

VDP 6.1.x VA Important 6.1.9 None

VDP 6.0.x VA Important 6.0.9 None

d. Command injection vulnerability.

The ‘getlogs’ troubleshooting utility in VDP contains an OS command

injection vulnerability. A malicious admin user may potentially be able

to execute arbitrary commands under root privilege.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11077 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

=
=

VDP 6.1.x VA Moderate 6.1.10 None

VDP 6.0.x VA Moderate 6.0.9 None

4. Solution

Please review the patch/release notes for your product and version and

verify the checksum of your downloaded file.

vSphere Data Protection 6.1.10

Downloads and Documentation:

https://my.vmware.com/group/vmware/details?productId491

&downloadGroupVDP6110

https://www.vmware.com/support/pubs/vdr_pubs.html

vSphere Data Protection 6.0.9

Downloads and Documentation:

https://my.vmware.com/web/vmware/details?productId491

&downloadGroupVDP60_9

https://www.vmware.com/support/pubs/vdr_pubs.html

5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-11066

https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-11067

https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-11076

https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-11077

– – ———————————————————————–=

6. Change log

2018-11-20 VMSA-2018-0029

Initial security advisory in conjunction with the release of VMware

vSphere Data Protection 6.1.10 on 2018-11-20

– – ———————————————————————–=

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com

bugtraq at securityfocus.com

fulldisclosure at seclists.org

E-mail: security at vmware.com

PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog

https://blogs.vmware.com/security

Twitter

Copyright 2018 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–

Version: Encryption Desktop 10.4.1 (Build 490)

Charset: utf-8

wj8DBQFb9EH6DEcm8Vbi9kMRAm01AJ95gjr0/RR7uEkqUOpgt0tJadv8LgCfVk78

uNuYj2zthluNsnPjltdQNTQ

UYUq

—–END PGP SIGNATURE—–

–_000_SN6PR05MB433555285F97BC815D5DD0CEB1D90SN6PR05MB4335namp_

Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

 

– – —————————————————=
———————

 

         &=
nbsp;           &nbs=
p;         VMware Security Advisory=

 

Advisory ID: VMSA-2018-0029

Severity:    Critical

Synopsis:    vSphere Data Protection (VD=
P) updates address

         &=
nbsp;   multiple security issues.

Issue date:  2018-11-20

Updated on:  2018-11-20 (Initial Advisory)

CVE number:  CVE-2018-11066, CVE-2018-11067, CVE-2=
018-11076, CVE-2018-11077

  

 

1. Summary

 

   vSphere Data Protection (VDP) updates addr=
ess

   multiple security issues.

 

2. Relevant Products

 

   vSphere Data Protection (VDP). VDP is base=
d on Dell EMC Avamar

   Virtual Edition.

 

3. Problem Description

 

   a. Remote code execution vulnerability.

 

   VDP contains a remote code execution vulne=
rability. A remote

   unauthenticated attacker could potent=
ially exploit this

   vulnerability to execute arbitrary co=
mmands on the server.

 

   The Common Vulnerabilities and Exposures p=
roject (cve.mitre.org) has

   assigned the identifier CVE-2018-11066 to =
this issue.

 

   Column 5 of the following table lists the =
action required to

   remediate the vulnerability in each releas=
e, if a solution is

   available.

 

   VMware      Produ=
ct    Running       &nbsp=
;    Replace with/     Mitigation/

   Product     Version&nb=
sp;   on       Severity  Apply=
Patch       Workaround

     =
    =
    =

   VDP      &nb=
sp;  6.1.x      VA    &nb=
sp;  Critical  6.1.10       &n=
bsp;    None

   VDP      &nb=
sp;  6.0.x      VA    &nb=
sp;  Critical  6.0.9       &nb=
sp;     None

 

 

   b. Open redirection vulnerability.

  

   VDP contains an open redirection vuln=
erability. A remote unauthenticated

   attacker could potentially exploit this vu=
lnerability to redirect

   application users to arbitrary web UR=
Ls by tricking the victim users to

   click on maliciously crafted links. T=
he vulnerability could be used to

   conduct phishing attacks that cause u=
sers to unknowingly visit malicious

   sites.

 

   The Common Vulnerabilities and Exposu=
res project (cve.mitre.org) has

   assigned the identifier CVE-2018-11067 to =
this issue.

 

   Column 5 of the following table lists the =
action required to

   remediate the vulnerability in each releas=
e, if a solution is

   available.

 

   VMware      Produ=
ct    Running       &nbsp=
;    Replace with/     Mitigation/

   Product     Version&nb=
sp;   on       Severity  Apply=
Patch       Workaround

     =
    =
    =

   VDP      &nb=
sp;  6.1.x      VA    &nb=
sp;  Important 6.1.10        &=
nbsp;    None

   VDP      &nb=
sp;  6.0.x      VA    &nb=
sp;  Important 6.0.9        &n=
bsp;     None

 

 

   c. Information exposure vulnerability.

 

   VDP contains an information exposure vulne=
rability. VDP Java

   management console’s SSL/TLS pr=
ivate key may be leaked in the VDP

   Java management client package. The p=
rivate key could potentially be

   used by an unauthenticated attacker o=
n the same data-link layer to

   initiate a MITM attack on management =
console users.

 

   The Common Vulnerabilities and Exposures p=
roject (cve.mitre.org) has

   assigned the identifier CVE-2018-11076 to =
this issue.

 

   Column 5 of the following table lists the =
action required to

   remediate the vulnerability in each releas=
e, if a solution is

   available.

 

   VMware      Produ=
ct    Running       &nbsp=
;    Replace with/     Mitigation/

   Product     Version&nb=
sp;   on       Severity  Apply=
Patch       Workaround

     =
    =
    =

   VDP      &nb=
sp;  6.1.x      VA    &nb=
sp;  Important 6.1.9        &n=
bsp;    None

   VDP      &nb=
sp;  6.0.x      VA    &nb=
sp;  Important 6.0.9        &n=
bsp;    None

 

 

   d. Command injection vulnerability.

 

   The ‘getlogs’ troubleshooting utility in V=
DP contains an OS command

   injection vulnerability. A malicious =
admin user may potentially be able

   to execute arbitrary commands under r=
oot privilege.

 

   The Common Vulnerabilities and Exposures p=
roject (cve.mitre.org) has

   assigned the identifier CVE-2018-11077 to =
this issue.

 

   Column 5 of the following table lists the =
action required to

   remediate the vulnerability in each releas=
e, if a solution is

   available.

 

   VMware      Produ=
ct    Running        &nbs=
p;   Replace with/     Mitigation/

   Product     Version&nb=
sp;   on       Severity  Apply=
Patch       Workaround

     =
    =
    =

   VDP      &nb=
sp;  6.1.x      VA    &nb=
sp;  Moderate  6.1.10       &n=
bsp;    None

   VDP      &nb=
sp;  6.0.x      VA    &nb=
sp;  Moderate  6.0.9       &nb=
sp;     None

 

4. Solution

 

   Please review the patch/release notes for =
your product and version and

   verify the checksum of your downloaded fil=
e.

 

   vSphere Data Protection 6.1.10

   Downloads and Documentation:

   https://my.vmware.com/group/vmware/details=
?productId491

   &downloadGroupVDP6110

   https://www.vmware.com/support/pubs/vdr_pu=
bs.html

 

   vSphere Data Protection 6.0.9

   Downloads and Documentation:

   https://my.vmware.com/web/vmware/details?p=
roductId491

   &downloadGroupVDP60_9

   https://www.vmware.com/support/pubs/vdr_pu=
bs.html

 

 

5. References

 

   https://cve.mitre.org/cgi-bin/cvename.cgi?=
nameCVE-2018-11066

   https://cve.mitre.org/cgi-bin/cvename.cgi?=
nameCVE-2018-11067

   https://cve.mitre.org/cgi-bin/cvename.cgi?=
nameCVE-2018-11076

   https://cve.mitre.org/cgi-bin/cvename.cgi?=
nameCVE-2018-11077

– – —————————————————=
———————-

 

6. Change log

 

   2018-11-20 VMSA-2018-0029

   Initial security advisory in conjunction w=
ith the release of VMware

   vSphere Data Protection 6.1.10 on 2018-11-=
20

 

– – —————————————————=
———————-

7. Contact

 

   E-mail list for product security notificat=
ions and announcements:

   http://lists.vmware.com/cgi-bin/mailman/li=
stinfo/security-announce

 

   This Security Advisory is posted to the fo=
llowing lists:

 

     security-announce at lists.vmw=
are.com

     bugtraq at securityfocus.com

     fulldisclosure at seclists.org=

 

   E-mail: security at vmware.com

   PGP key at: https://kb.vmware.com/kb/1055

 

   VMware Security Advisories

   https://www.vmware.com/security/advisories=

 

   VMware Security Response Policy=

   https://www.vmware.com/support/policies/se=
curity_response.html

 

   VMware Lifecycle Support Phases=

   https://www.vmware.com/support/policies/li=
fecycle.html

 

   VMware Security & Compliance Blog=

   https://blogs.vmware.com/security

 

   Twitter

   https://twitter.com/VMwareSRC

 

   Copyright 2018 VMware Inc.  All right=
s reserved.

 

—–BEGIN PGP SIGNATURE—–

Version: Encryption Desktop 10.4.1 (Build 490)

Charset: utf-8

 

wj8DBQFb9EH6DEcm8Vbi9kMRAm01AJ95gjr0/RR7uEkqUOpgt0tJadv=
8LgCfVk78

uNuYj2zthluNsnPjltdQNTQ

UYUq

—–END PGP SIGNATURE—–

–_000_SN6PR05MB433555285F97BC815D5DD0CEB1D90SN6PR05MB4335namp_–

MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce