ESB-2018.3567 - [Win][Linux][Virtual] VMware vRealize Log Insight: Unauthorised access - Existing account 2018-11-15


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3567
       VMware vRealize Log Insight updates address an authorization
                           bypass vulnerability
                             15 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Log Insight
Publisher:         VMware
Operating System:  Virtualisation
                   Windows
                   Linux variants
Impact/Access:     Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6980  

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2018-0028.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -----------------------------------------------------------------------
                           VMware Security Advisory

Advisory ID: VMSA-2018-0028
Severity:    Moderate
Synopsis:    VMware vRealize Log Insight updates address an
             authorization bypass vulnerability
Issue date:  2018-11-13
Updated on:  2018-11-13 (Initial Advisory)
CVE number:  CVE-2018-6980

1. Summary

   VMware vRealize Log Insight updates address an authorization bypass
   vulnerability

2. Relevant Products

   VMware vRealize Log Insight (vRLI)

3. Problem Description

   vRealize Log Insight improper authorization vulnerability

   VMware vRealize Log Insight contains a vulnerability due to improper
   authorization in the user registration method. Successful
   exploitation of this issue may allow Admin users with view only
   permission to perform certain administrative functions which they
   are not allowed to perform.
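   The defect class described above (a handler that confirms the caller
   holds the Admin role but never checks whether that role is limited to
   view-only permission) can be shown with a small, self-contained model.
   The following is an added example written for this bulletin; it is not
   vRealize Log Insight code, and the User, Directory, register_user_*
   and attempt names, the "view"/"edit" permission strings and the sample
   accounts are all constructed for illustration.

```python
"""Toy model of a role-only authorization check beside its corrected form.
Hypothetical code for illustration; not the product's implementation."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet


class Forbidden(Exception):
    """Raised when the caller is not authorised for the requested action."""


@dataclass
class User:
    name: str
    role: str                     # "Admin" or "User" (constructed roles)
    permissions: FrozenSet[str]   # subset of {"view", "edit"} (constructed)


@dataclass
class Directory:
    """Stand-in for the user store an administrative handler mutates."""
    users: Dict[str, User] = field(default_factory=dict)


def register_user_vulnerable(caller: User, directory: Directory, new_name: str) -> str:
    # Defective pattern: only the role is checked.  An Admin whose role
    # carries "view" alone still reaches the mutating code path.
    if caller.role != "Admin":
        raise Forbidden("admin role required")
    directory.users[new_name] = User(new_name, "User", frozenset({"view"}))
    return new_name


def register_user_fixed(caller: User, directory: Directory, new_name: str) -> str:
    # Corrected pattern: the role AND the permission needed for a state
    # change are both required before any mutation happens.
    if caller.role != "Admin" or "edit" not in caller.permissions:
        raise Forbidden("admin role with edit permission required")
    directory.users[new_name] = User(new_name, "User", frozenset({"view"}))
    return new_name


def attempt(handler: Callable[[User, Directory, str], str],
            caller: User, directory: Directory, new_name: str) -> str:
    """Run a registration attempt and report 'allowed' or 'denied'."""
    try:
        handler(caller, directory, new_name)
        return "allowed"
    except Forbidden:
        return "denied"


# Constructed sample accounts for the demonstration.
VIEW_ONLY_ADMIN = User("viewer", "Admin", frozenset({"view"}))
FULL_ADMIN = User("operator", "Admin", frozenset({"view", "edit"}))
PLAIN_USER = User("bob", "User", frozenset({"view"}))


def outcomes() -> Dict[str, str]:
    """Outcome of each (handler, caller) pairing; useful as a regression check."""
    pairs = {
        "vulnerable/view-only admin": (register_user_vulnerable, VIEW_ONLY_ADMIN),
        "vulnerable/full admin": (register_user_vulnerable, FULL_ADMIN),
        "vulnerable/plain user": (register_user_vulnerable, PLAIN_USER),
        "fixed/view-only admin": (register_user_fixed, VIEW_ONLY_ADMIN),
        "fixed/full admin": (register_user_fixed, FULL_ADMIN),
        "fixed/plain user": (register_user_fixed, PLAIN_USER),
    }
    return {label: attempt(h, c, Directory(), "newuser") for label, (h, c) in pairs.items()}


if __name__ == "__main__":
    for label, result in outcomes().items():
        print(f"{label:30s} {result}")
```

   The only line that differs between the two handlers is the guard; the
   point for reviewers is that a state-changing endpoint must test the
   specific permission it needs, not merely membership in an
   administrative role.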

   VMware would like to thank Piotr Madej of ING Tech Poland for
   reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6980 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware    Product   Running     Severity  Replace with/  Mitigations/
   Product   Version   on                    Apply patch    Workarounds
   vRLI      4.7.x     Virtual     Moderate  4.7.1          None
                       Appliance
   vRLI      4.6.x     Virtual     Moderate  4.6.2          None
                       Appliance

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware vRealize Log Insight 4.7.1
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_log_insight/4_7

   VMware vRealize Log Insight 4.6.2
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_log_insight/4_6
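   The "verify the checksum of your downloaded file" step above is often
   done by eye; the following added example (not VMware's tooling) hashes
   a file in chunks and compares it against the published SHA-256 digest
   with a constant-time comparison.  The expected digest must come from
   the vendor's download page; the helper names and the constructed sample
   file are assumptions for illustration.

```python
"""Chunked SHA-256 verification of a downloaded artifact.
Added example; the digest to compare against is whatever the vendor publishes."""
import hashlib
import hmac
import os
import tempfile
from typing import Tuple


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Return the lowercase hex SHA-256 of a file, reading it in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def checksum_matches(path: str, expected_hex: str) -> bool:
    """Compare the file digest to a published one (case and whitespace tolerant).

    hmac.compare_digest is used so the comparison does not short-circuit on
    the first differing character; cheap insurance for a verification routine.
    """
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected a 64-character hexadecimal SHA-256 digest")
    return hmac.compare_digest(sha256_file(path), expected)


def sha256_of_bytes_via_file(data: bytes) -> str:
    """Write constructed bytes to a temp file and hash it through sha256_file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        return sha256_file(path)


def demo() -> Tuple[bool, bool]:
    """Verify a constructed sample file against its real digest and a wrong one."""
    payload = b"constructed sample payload, not a real vRLI image\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(payload)
        good = hashlib.sha256(payload).hexdigest()
        return checksum_matches(path, good), checksum_matches(path, "0" * 64)


if __name__ == "__main__":
    # Usage against a real download: checksum_matches("/path/to/file", "<digest from vendor page>")
    print(demo())
```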


5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980

- - -----------------------------------------------------------------------

6. Change log

   VMSA-2018-0028 2018-11-13 Initial security advisory in conjunction
   with the release of vRLI 4.7.1 and 4.6.2 on 2018-11-13.

- - ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:
   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   https://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html
   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.


- -----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFb6zpGDEcm8Vbi9kMRAsj+AKCpkcveWPZKH9monC7SGwP5IYDUZwCgg99c
qVgwGc3G0fLTomLhyRq98is=
=T+RY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
