VMSA-2017-0017:VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
23512
08 November 2017
08 November 2017
CLOSED
MEDIUM
CVE-2017-4927,CVE-2017-4928
VMSA-2017-0017
VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
VMware Security Advisory
1. Summary
VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
2. Relevant Products
- VMware vCenter Server
3. Problem Description
a. VMware vCenter Server LDAP Denial of Service (DoS).
VMware vCenter Server doesn't correctly handle specially crafted LDAP network packets which may allow for remote DoS.
VMware would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4927 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Workaround
b. SSRF and CRLF injection issues in vSphere Web client
The Flash-based vSphere Web Client (i.e. not the new HTML5-based vSphere Client) contains server side request forgery (SSRF) and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
VMware would like to thank ricterzheng @ Tencent Yunding Lab for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4928 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Workaround
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 6.5 U1
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U1&productId=614&rPId=17343
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html
VMware vCenter Server 6.0 U3c
Downloads:
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VC60U3
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html
VMware vCenter Server 5.5 U3f
Downloads:
https://my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U3F
Documentation:
https://docs.vmware.com/en/VMware-vSphere/index.html
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4929
6. Change log
2017-11-09 VMSA-2017-0017
Initial security advisory in conjunction with the release of vCenter Server 6.0 U3c on 2017-11-09.
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2017 VMware Inc. All rights reserved.