[Security-announce] VMSA-2018-0021 Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.

VMware Security Announcements security-announce at lists.vmware.com
Tue Aug 14 11:05:32 PDT 2018


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- ------------------------------------------------------------------------

                        VMware Security Advisory



Advisory ID: VMSA-2018-0021
Severity:    Moderate
Synopsis:    Operating System-Specific Mitigations address L1 Terminal
             Fault - OS vulnerability in VMware Virtual Appliances.
Issue date:  2018-08-14
Updated on:  2018-08-14 (Initial Advisory)
CVE number:  CVE-2018-3620



1. Summary



   Operating System-Specific Mitigations address L1 Terminal Fault - OS
   vulnerability in VMware Virtual Appliances.

   The mitigations in this advisory are categorized as Operating System
   Specific Mitigations described by VMware Knowledge Base article
   55636.



2. Relevant Products



   vCloud Usage Meter (UM)
   Identity Manager (vIDM)
   vCenter Server (vCSA)
   vSphere Data Protection (VDP)
   vSphere Integrated Containers (VIC)
   vRealize Automation (vRA)



3. Problem Description



   VMware Virtual Appliance Mitigations address L1 Terminal Fault - OS
   vulnerability. Successful exploitation of this issue may lead to
   local information disclosure of sensitive information. Unaffected
   product lines are documented in KB55807.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-3620 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.



   VMware      Product   Running           Replace with/     Mitigation/
   Product     Version   on      Severity  Apply Patch       Workaround
   =========== ========= ======= ========= ================= ==========
   UM          3.x       VA      Moderate  Patch Pending     KB52467
   vIDM        3.x,2.x   VA      Moderate  Patch Pending     KB52284
   vCSA        6.7       VA      Moderate  Patch Pending     KB52312
   vCSA        6.5       VA      Moderate  Patch Pending     KB52312
   vCSA        6.0       VA      Moderate  Patch Pending     KB52312
   vCSA        5.5       VA      N/A       Unaffected        N/A
   VDP         6.x       VA      Moderate  Patch Pending     None
   VIC         1.x       VA      Moderate  Patch Pending     None
   vRA         7.x       VA      Moderate  Patch Pending     KB52377
   vRA         6.x       VA      Moderate  Patch Pending     KB52497



4. Solution



   Pending



5. References



   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
   https://kb.vmware.com/kb/55807
   https://kb.vmware.com/kb/55636



- ------------------------------------------------------------------------



6. Change log



   2018-08-14: Initial security advisory.



- ------------------------------------------------------------------------



7. Contact



   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----



iF0EARECAB0WIQSmJMaUX5+xuU/DnNwMRybxVuL2QwUCW3IF9AAKCRAMRybxVuL2

QyVHAKDqyLm51zUbgGo6hkzd+kjrSsZNagCfc+HDDGmhA4VvtSvyjt68R1lZ0M0=

=l7vK

-----END PGP SIGNATURE-----