Tag: vCenter Server

VMware vCenter Server Appliance Security Update - Backup and Restore Vulnerability

VMware vCenter Server Appliance – Backup and Restore Vulnerability

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2019-0018 (VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions).

This advisory documents the remediation of one issue, rated with a severity of moderate. Sensitive information disclosure vulnerabilities resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance may allow a malicious actor to intercept sensitive data in transit over FTPS, HTTPS, or SCP.

A man-in-the-middle positioned between vCenter Server Appliance and a backup target may be able to intercept data in transit during File-Based Backup and Restore operations.

The identifiers CVE-2019-5537 (data interception over FTPS and HTTPS) and CVE-2019-5538 (data interception over SCP) were assigned to this vulnerability.

Affected products and resolutions:

  • vCenter Server Appliance 6.7 – update to 6.7 Update 3a
  • vCenter Server Appliance 6.5 – update to 6.5 Update 3d

Remediation of CVE-2019-5537 and CVE-2019-5538 is not enabled by default. After upgrading vCenter Server Appliance, follow the steps in KB75156 (Enabling secure backup and restore in the vCenter Server Appliance) to enforce strict certificate validation.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMware vCenter Server 6.7 Update 2

VMware vCenter Server 6.7 Update 2

Constantin Ghioc Leave a comment

VMware just released a new vCenter Server version: 6.7 Update 2, 6.7.0.30000, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

Read More
Install VCSA 6.7

How to Install VCSA 6.7 (VMware vCenter Server Appliance)

Constantin Ghioc 1 Comment

In this article I will show you how to install VCSA 6.7 (VMware vCenter Server Appliance).

To start, you need an installation kit of vCenter Server Appliance 6.7. For this article, I will use the VCSA 6.7 Update 1 version – VMware-VCSA-all-6.7.0-10244745.iso (the latest available at the time I wrote this article).

Note: If you look for VCSA upgrade instructions, check this article: How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1.

Install VCSA 6.7 (VMware vCenter Server Appliance) – Stage 1

To launch the installer I will use a Windows virtual machine (alternatively you can use a Mac or a Linux system). Unzip the archive and navigate to VMware-VCSA-all-6.7.0-10244745\vcsa-ui-installer\win32 folder. Launch installer.exe and begin to install VCSA 6.7.

Install VCSA 6.7 - installer.exe

Read More

How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

Constantin Ghioc 3 Comments

In a previous article (How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1) I walked through the first phase of the upgrade process for vCSA 6.7 (embedded deployment) – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller. In this article I will cover phase 2 of the vCenter upgrade – transfer the data and setup the newly deployed vCenter Server Appliance.

Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

In the last step of the phase 1, I was presented with the following screen:

Upgrade vCenter Server Appliance from 6.5 to 6.7 - Deploy VCSA Completed

Read More

How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1

Constantin Ghioc Leave a comment

In this article I will show you how to upgrade vCenter Server Appliance running 6.5 to the target version of 6.7. I will upgrade an embedded deployment (as per vCenter Server and Platform Services Controller Deployment Types: all services bundled with the Platform Services Controller are deployed together with the vCenter Server services on the same virtual machine or physical server).

The upgrade procedure consists in two steps:

  1. Stage 1 – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller
  2. Stage 2 – transfer the data and setup the newly deployed vCenter Server Appliance

In this article I will cover Stage 1 (deployment of a new vCSA 6.7). In a later article I will cover Stage 2 (data migration from the old 6.5 vCSA to the new 6.7 vCSA).

Read More

New Security Patch – vCenter Server 6.5 U1g

Constantin Ghioc Leave a comment

VMware released today a new security patch, vCenter Server 6.5 U1g, build number 8024368. This release contains few VMware software fixes, security fixes, and third-party product fixes. The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-8024368.iso, 3.36 GB). Patch is also available through standard online repository.

Updated packages in vCSA (Photon OS):

vCenter Server 6.5 U1g provides part of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (Spectre-2 vulnerability). For more details on this mitigation, see VMware Security Advisory VMSA-2018-0004.3.

The patch also fixes an issue where in some cases the inclusion of an ESXi host into an empty Enhanced vMotion Compatibility (EVC) cluster would fail even though the host met the requirements.

Read More

New Security Patch – vCenter Server 6.5 U1f

Constantin Ghioc Leave a comment

VMware released today a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715).

The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for update using management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.

Updated packages:

  • linux 4.4.110-2
  • libgcrypt 1.7.6-3
  • c-ares 1.12.0-2
  • ncurses 6.0-8
  • libtasn1 4.12-1
  • wget 1.18-3
  • procmail 3.22-4
  • rsync 3.1.2-4
  • apr 1.5.2-7

Read More

VMware Patches for Spectre

VMware Patches for Spectre

Constantin Ghioc 1 Comment

After releasing the initial security advisory VMSA-2018-0002 to discuss Meltdown and Spectre vulnerabilities, VMware released yesterday the second advisory on the matter – VMSA-2018-0004 – VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue.

VMSA-2018-0004 – Hypervisor-Assisted Guest Remediation

Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for virtual machines. As a result, a patched guest operating system can remediate the Branch Target Injection issue (CVE identifier CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.

Affected VMware products:

  • vCenter Server 5.5, 6.0, 6.5
  • ESXi 5.5, 6.0, 6.5
  • Workstation 12.x (patch planned; update to 12.5.9), 14.x (update to 14.1.1)
  • Fusion 8.x (update to 8.5.10), 10.x (update to 10.1.1)

Read More

How to Update vCenter Server Appliance to 6.5 Update 1d

Constantin Ghioc Leave a comment

VMware recently released vCenter Server 6.5 Update 1d (Build 7312210). You can read more details about this release in my previous article: “New Release – VMware vCenter Server 6.5 Update 1d”. In another article, I showed how to update vCenter Server Appliance using VAMI (vCenter Server Management Interface). The article covers the update to version 6.5 Update 1b, but there is no change in procedure to go to the latest Update 1d.

In this article I will show a different way to update vCenter Server Appliance. I will update vCSA using the appliance shell. This process is as simple as updating through VAMI, but instead of clicking through the user interface, I will execute few commands in remote console.

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

Read More

New Release – VMware vCenter Server 6.5 Update 1d

Constantin Ghioc Leave a comment

VMware released vCenter Server 6.5 Update 1d (Build 7312210) to update few third party packages and to fix plenty of bugs. This release also brings a new icon for vSAN witness appliances.

You can already download the update from my.vmware.com site (login is required).

vCenter Server 6.5 Update 1d

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance). If you need update instructions check these articles: Update vCSA using VAMI and Update vCSA using Appliance Shell.

Issues resolved in vCenter Server 6.5 Update 1d

In vCenter 6.5 Update 1d, VMware updated multiple packages:

  • Oracle (Sun) JRE 1.8.0_141
  • Spring Framework 4.3.9
  • OpenSSL 1.0.2l
  • Tomcat 8.5.15
  • Apache Struts 2.5.13
  • Eclipse Jetty 9.2.22

Read More