Tag: security

New Security Patch – vCenter Server 6.5 U1f

Constantin Ghioc Leave a comment

VMware released today a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715).

The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for update using management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.

Updated packages:

  • linux 4.4.110-2
  • libgcrypt 1.7.6-3
  • c-ares 1.12.0-2
  • ncurses 6.0-8
  • libtasn1 4.12-1
  • wget 1.18-3
  • procmail 3.22-4
  • rsync 3.1.2-4
  • apr 1.5.2-7

Read More

VMSA-2018-0003

VMware Security Advisory – VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console

Constantin Ghioc Leave a comment

VMware has released a new security advisory: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities.

This advisory documents the remediation of two issues: one critical (deserialization vulnerability which may allow code execution in vRealize Automation and vSphere Integrated Containers) and one important (a cross site request forgery vulnerability when accessing the App Catalog in AirWatch Console).

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0005 – Workstation and Fusion Updates

Constantin Ghioc Leave a comment

VMware has released a new security advisory: VMSA-2018-0005 – VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.

This advisory documents the remediation of two issues: one critical (use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled) and one important (an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled).

Read More

VMware Patches for Spectre

VMware Patches for Spectre

Constantin Ghioc 1 Comment

After releasing the initial security advisory VMSA-2018-0002 to discuss Meltdown and Spectre vulnerabilities, VMware released yesterday the second advisory on the matter – VMSA-2018-0004 – VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue.

VMSA-2018-0004 – Hypervisor-Assisted Guest Remediation

Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for virtual machines. As a result, a patched guest operating system can remediate the Branch Target Injection issue (CVE identifier CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.

Affected VMware products:

  • vCenter Server 5.5, 6.0, 6.5
  • ESXi 5.5, 6.0, 6.5
  • Workstation 12.x (patch planned; update to 12.5.9), 14.x (update to 14.1.1)
  • Fusion 8.x (update to 8.5.10), 10.x (update to 10.1.1)

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0001 – vSphere Data Protection

Constantin Ghioc Leave a comment

I know you are all busy patching Meltdown and Spectre, but let’s not forget about a security advisory that VMware released so early this year, on 2nd January 2018: VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues.

This advisory documents the remediation of three important issues: a VDP authentication bypass vulnerability, VDP arbitrary file upload vulnerability, and a VDP path traversal vulnerability.

Same day, VMware released a new vSphere Data Protection version, 6.1.6, which among other goodies fixes all the vulnerabilities from the current advisory.

Read More

VMSA-2018-0003

VMware Security Advisory VMSA-2018-0003

Constantin Ghioc Leave a comment

VMware has released a new security advisory: VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

This advisory documents the remediation of three important issues: a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents, an out-of-bounds read issue that occurs via Cortado ThinPrint and affects Workstation and Horizon View Client, and a guest access control vulnerability which affects Workstation and Fusion.

Read More

VMSA-2018-0002 Meltdown and Specter

VMware Security Advisory VMSA-2018-0002 – Meltdown and Spectre Vulnerabilities

Constantin Ghioc 11 Comments

Google Project Zero released yesterday information about two vulnerabilities with impact to major processors vendors: Meltdown (CVE-2017-5754 – rogue data cache load) and Spectre (CVE-2017-5753 – bounds check bypass & CVE-2017-5715 – branch target injection). Among other organizations, VMware released a security advisory: VMSA-2018-0002 – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

How to patch your vCenter / ESXi infrastructure against speculative execution vulnerabilities (Meltdown and Spectre). Products, versions, patches, order of upgrade, dependencies, warnings. VMware Patches for Spectre

Meltdown and Spectre Overview

Meltdown breaks the isolation between user applications and the operating system, and allows an application to access all system memory (this includes kernel allocated memory). Meltdown affects a range of  Intel processors.

Spectre breaks the memory isolation between different applications, and allows an application to force another application to access arbitrary portions of its memory. Spectre affects a wide range of processors: Intel, AMD, and ARM.

“Both of these vulnerabilities are hardware level vulnerabilities that exist because of a flaw in CPU architecture. They are very serious vulnerabilities because they are operating system and software independent. The long term fix for both of these issues will require that CPU makers change the way their chips work, which means redesigning and releasing new chips.” – Defiant

You can find more information on both vulnerabilities on spectreattack.com. For comprehensive technical details, you can refer to these academic papers: Meltdown and Spectre.

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0021

Constantin Ghioc Leave a comment

VMware has released a new security advisory: “VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities”.

Among affected products, we find vCenter Server Appliance 6.5, ESXi (5.5, 6.0, and 6.5), Workstation 12.x, and Fusion 8.x.

VMSA-2017-0021 – ESXi, Workstation, and Fusion stack overflow via authenticated VNC session

CVE-2017-4941 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. A successful exploitation will result in remote code execution in a virtual machine via the authenticated VNC session. As prerequisites for a successful exploit, VNC must be manually enabled in a virtual machine’s .vmx configuration file and ESXi must be configured to allow VNC traffic through the firewall.

Affected products and versions:

  • ESXi 5.5 and 6.0 (install patches ESXi550-201709101-SG or ESXi600-201711101-SG)
  • Workstation 12.x (upgrade to version 12.5.8)
  • Fusion 8.x (upgrade to version 8.5.9)

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0020

Constantin Ghioc Leave a comment

VMware has released a new security advisory: “VMSA-2017-0020 – VMware AirWatch Console updates address Broken Access Control vulnerability”.

VMware AirWatch Console has a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.

Common Vulnerabilities and Exposures project has assigned the identifier CVE-2017-4942 to this issue.

The vulnerability consists of two distinct issues which, together, could allow a tenant to accidentally come into contact with another tenant’s device details. The first issue occurs as the result of a UI issue present under certain conditions, which may lead to the display of an incorrect device’s details. The second issue occurs when the device details are incorrectly displayed to the unauthorized administrator, which results from a missing access control check performed on the request.

AirWatch Console 9.2.2 (released on 5th December) resolved the issue. For more details on this version you can check KB115015625647 (please note you need to login) and the release notes.

For shared SaaS environments, no action is required as all shared SaaS environments have been patched for this vulnerability. For dedicated SaaS and On-Premises, patches have been made available for all AirWatch Console versions 9.0.1 and up.

VMware has also released a workaround for customers who are unable to immediately apply the patch. You can check it in KB115015676547.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMware Security Advisory

VMware Security Advisories VMSA-2017-0018.1 and VMSA-2017-0019

Constantin Ghioc Leave a comment

VMware has released information on few vulnerabilities covering Workstation, Player, Fusion, Horizon View Client and NSX: “VMware Security Advisory VMSA-2017-0018.1 – VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities” and “VMware Security Advisory VMSA-2017-0019 – NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue”.

Read More