[Security-announce] NEW VMSA-2018-0029 vSphere Data Protection (VDP) updates address multiple security issues.

VMware Security Announcements security-announce at lists.vmware.com
Tue Nov 20 09:19:55 PST 2018


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



- - ------------------------------------------------------------------------



                               VMware Security Advisory



Advisory ID: VMSA-2018-0029

Severity:    Critical

Synopsis:    vSphere Data Protection (VDP) updates address

             multiple security issues.

Issue date:  2018-11-20

Updated on:  2018-11-20 (Initial Advisory)

CVE number:  CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077





1. Summary



   vSphere Data Protection (VDP) updates address

   multiple security issues.



2. Relevant Products



   vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar

   Virtual Edition.



3. Problem Description



   a. Remote code execution vulnerability.



   VDP contains a remote code execution vulnerability. A remote

   unauthenticated attacker could potentially exploit this

   vulnerability to execute arbitrary commands on the server.



   The Common Vulnerabilities and Exposures project (cve.mitre.org) has

   assigned the identifier CVE-2018-11066 to this issue.



   Column 5 of the following table lists the action required to

   remediate the vulnerability in each release, if a solution is

   available.



   VMware      Product    Running            Replace with/     Mitigation/

   Product     Version    on       Severity  Apply Patch       Workaround

   ==========  =========  =======  ========  ================  ==========

   VDP         6.1.x      VA       Critical  6.1.10            None

   VDP         6.0.x      VA       Critical  6.0.9             None





   b. Open redirection vulnerability.



   VDP contains an open redirection vulnerability. A remote unauthenticated

   attacker could potentially exploit this vulnerability to redirect

   application users to arbitrary web URLs by tricking the victim users to

   click on maliciously crafted links. The vulnerability could be used to

   conduct phishing attacks that cause users to unknowingly visit malicious

   sites.



   The Common Vulnerabilities and Exposures project (cve.mitre.org) has

   assigned the identifier CVE-2018-11067 to this issue.



   Column 5 of the following table lists the action required to

   remediate the vulnerability in each release, if a solution is

   available.



   VMware      Product    Running            Replace with/     Mitigation/

   Product     Version    on       Severity  Apply Patch       Workaround

   ==========  =========  =======  ========  ================  ==========

   VDP         6.1.x      VA       Important 6.1.10             None

   VDP         6.0.x      VA       Important 6.0.9              None





   c. Information exposure vulnerability.



   VDP contains an information exposure vulnerability. VDP Java

   management console's SSL/TLS private key may be leaked in the VDP

   Java management client package. The private key could potentially be

   used by an unauthenticated attacker on the same data-link layer to

   initiate a MITM attack on management console users.



   The Common Vulnerabilities and Exposures project (cve.mitre.org) has

   assigned the identifier CVE-2018-11076 to this issue.



   Column 5 of the following table lists the action required to

   remediate the vulnerability in each release, if a solution is

   available.



   VMware      Product    Running            Replace with/     Mitigation/

   Product     Version    on       Severity  Apply Patch       Workaround

   ==========  =========  =======  ========  ================  ==========

   VDP         6.1.x      VA       Important 6.1.9             None

   VDP         6.0.x      VA       Important 6.0.9             None





   d. Command injection vulnerability.



   The 'getlogs' troubleshooting utility in VDP contains an OS command

   injection vulnerability. A malicious admin user may potentially be able

   to execute arbitrary commands under root privilege.



   The Common Vulnerabilities and Exposures project (cve.mitre.org) has

   assigned the identifier CVE-2018-11077 to this issue.



   Column 5 of the following table lists the action required to

   remediate the vulnerability in each release, if a solution is

   available.



   VMware      Product    Running            Replace with/     Mitigation/

   Product     Version    on       Severity  Apply Patch       Workaround

   ==========  =========  =======  ========  ================  ==========

   VDP         6.1.x      VA       Moderate  6.1.10            None

   VDP         6.0.x      VA       Moderate  6.0.9             None



4. Solution



   Please review the patch/release notes for your product and version and

   verify the checksum of your downloaded file.



   vSphere Data Protection 6.1.10

   Downloads and Documentation:

   https://my.vmware.com/group/vmware/details?productId=491

   &downloadGroup=VDP6110

   https://www.vmware.com/support/pubs/vdr_pubs.html



   vSphere Data Protection 6.0.9

   Downloads and Documentation:

   https://my.vmware.com/web/vmware/details?productId=491

   &downloadGroup=VDP60_9

   https://www.vmware.com/support/pubs/vdr_pubs.html





5. References



   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077

- - -------------------------------------------------------------------------



6. Change log



   2018-11-20 VMSA-2018-0029

   Initial security advisory in conjunction with the release of VMware

   vSphere Data Protection 6.1.10 on 2018-11-20



- - -------------------------------------------------------------------------

7. Contact



   E-mail list for product security notifications and announcements:

   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



   This Security Advisory is posted to the following lists:



     security-announce at lists.vmware.com

     bugtraq at securityfocus.com

     fulldisclosure at seclists.org



   E-mail: security at vmware.com

   PGP key at: https://kb.vmware.com/kb/1055



   VMware Security Advisories

   https://www.vmware.com/security/advisories



   VMware Security Response Policy

   https://www.vmware.com/support/policies/security_response.html



   VMware Lifecycle Support Phases

   https://www.vmware.com/support/policies/lifecycle.html



   VMware Security & Compliance Blog

   https://blogs.vmware.com/security



   Twitter

   https://twitter.com/VMwareSRC



   Copyright 2018 VMware Inc.  All rights reserved.



-----BEGIN PGP SIGNATURE-----

Version: Encryption Desktop 10.4.1 (Build 490)

Charset: utf-8



wj8DBQFb9EH6DEcm8Vbi9kMRAm01AJ95gjr0/RR7uEkqUOpgt0tJadv8LgCfVk78

uNuYj2zthluNsnPjltdQNTQ=

=UYUq

-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.vmware.com/pipermail/security-announce/attachments/20181120/8025c07a/attachment.html>


More information about the Security-announce mailing list