VMwareVMSA-2017-0017VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
0.004 Low
EPSS
Percentile
74.3%
a. VMware vCenter Server LDAP Denial of Service (DoS).
VMware vCenter Server doesn’t correctly handle specially crafted LDAP network packets which may allow for remote DoS.
VMware would like to thank Honggang Ren of Fortinet’s FortiGuard Labs for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4927 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vcenter server | lt | 6.5 U1 | |
| vcenter server | lt | 6.0 U3c | |
| vcenter server | lt | 5.5 U3f |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4929
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
blogs.vmware.com/security
docs.vmware.com/en/VMware-vSphere/index.html
kb.vmware.com/kb/1055
my.vmware.com/web/vmware/details?downloadGroup=VC65U1&productId=614&rPId=17343
my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U3F
my.vmware.com/web/vmware/details?productId=491&downloadGroup=VC60U3
twitter.com/VMwareSRC
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html
Related
