New VMware Security Advisory VMSA-2017-0017

New VMware Security Advisory VMSA-2017-0017

This post was originally published on this site ---

--- This is a critical security advisory from VMware (VMSA) ---

Today VMware has released the following new security advisory:

VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CLRF injection issues

This documents the remediation of two moderate severity issues, CVE-2017-4927 and CVE-2017-4928. These issues affect VMware vCenter Server.

Issue (a) CVE-2017-4927: VMware vCenter Server doesn’t correctly handle specially crafted LDAP network packets which may allow for remote DoS. This issue affects vCenter Server 6.5 and 6.0. vCenter Server 6.5 U1 and 6.0 U3c fix this issue.

Issue (b) CVE-2017-4928: SSRF and CRLF injection issues in vSphere web client. This issue affects vCenter Server 6.0 and 5.5. vCenter Server 6.0 U3c and 5.5 U3f fix this issue.

We would like to thank Honggang Ren of Fortinet’s FortiGuard Labs and ricterzheng @ Tencent Yunding Lab for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

The post New VMware Security Advisory VMSA-2017-0017 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.