====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN335
_____________________________________________________________________

DATE                : 10/11/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware vCenter Server.

=====================================================================
https://lists.vmware.com/pipermail/security-announce/2017/000389.html
____________________________________________________________________

- ------------------------------------------------------------------------
                               VMware Security Advisory

Advisory ID: VMSA-2017-0017
Severity:    Moderate
Synopsis:    VMware vCenter Server update resolves LDAP DoS, SSRF
             and CRLF injection issues
Issue date:  2017-11-09
Updated on:  2017-11-09 (Initial Advisory)
CVE number:  CVE-2017-4927, CVE-2017-4928
- ------------------------------------------------------------------------

1. Summary

   VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF
   injection issues

2. Relevant Products

   VMware vCenter Server

3. Problem Description

   a. VMware vCenter Server LDAP Denial of Service (DoS)

   VMware vCenter Server doesn't correctly handle specially crafted
   LDAP network packets which may allow for remote DoS.

   VMware would like to thank Honggang Ren of Fortinet's FortiGuard
   Labs for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2017-4927 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware          Product Running           Replace with/  Mitigation
   Product         Version on      Severity  Apply patch    Workaround
   ==============  ======= ======= ========  =============  ==========
   vCenter Server  6.5     Any     Moderate  6.5 U1         None
   vCenter Server  6.0     Any     Moderate  6.0 U3c        None
   vCenter Server  5.5     Any     N/A       Not affected   N/A

   b. SSRF and CRLF injection issues in vSphere Web client

   The Flash-based vSphere Web Client (i.e. not the new HTML5-based
   vSphere Client) contains server side request forgery (SSRF) and CRLF
   injection issues due to improper neutralization of URLs. An attacker
   may exploit these issues by sending a POST request with modified
   headers towards internal services leading to information disclosure.

   VMware would like to thank ricterzheng @ Tencent Yunding Lab for
   reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2017-4928 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware          Product Running           Replace with/   Mitigation
   Product         Version on      Severity  Apply patch     Workaround
   ==============  ======= ======= ========  =============   ==========
   vCenter Server  6.5     Any     N/A       Not affected    N/A
   vCenter Server  6.0     Any     Moderate  6.0 U3c         None
   vCenter Server  5.5     Any     Moderate  5.5 U3f         None

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware vCenter Server 6.5 U1
   Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC65U1&productId=614&rPId=17343
   Documentation:
   https://docs.vmware.com/en/VMware-vSphere/index.html

   VMware vCenter Server 6.0 U3c
   Downloads:

https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VC60U3
   Documentation:
   https://docs.vmware.com/en/VMware-vSphere/index.html

   VMware vCenter Server 5.5 U3f
   Downloads:

https://my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U3
F
   Documentation:
   https://docs.vmware.com/en/VMware-vSphere/index.html

5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4927
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4928

- ------------------------------------------------------------------------

6. Change log

   2017-11-09 VMSA-2017-0017
   Initial security advisory in conjunction with the release of VMware
   vCenter Server 6.0 U3c on 2017-11-09.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2017 VMware Inc.  All rights reserved.

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================