===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2535
      VMSA-2019-0011 ESXi patches address partial denial of service
              vulnerability in hostd process (CVE-2019-5528)
                               10 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware ESXi
Publisher:         VMware
Operating System:  VMware ESX Server
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5528

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2019-0011.html

--------------------------BEGIN INCLUDED TEXT--------------------

VMware Security Advisories

+------------+----------------------------------------------------------------+
|Advisory ID |VMSA-2019-0011                                                  |
+------------+----------------------------------------------------------------+
|Advisory    |Moderate                                                        |
|Severity    |                                                                |
+------------+----------------------------------------------------------------+
|CVSSv3 Range|5.3                                                             |
+------------+----------------------------------------------------------------+
|Synopsis    |ESXi patches address partial denial of service vulnerability in |
|            |hostd process (CVE-2019-5528)                                   |
+------------+----------------------------------------------------------------+
|Issue Date  |2019-07-09                                                      |
+------------+----------------------------------------------------------------+
|Updated On  |2019-07-09 (Initial Advisory)                                   |
+------------+----------------------------------------------------------------+
|CVE(s)      |CVE-2019-5528                                                   |
+------------+----------------------------------------------------------------+

1. Impacted Products

  o ESXi

2. Introduction

A partial denial of service vulnerability in ESXi was reported to VMware
Security Response. Patches and workarounds are currently available to
remediate or work around this vulnerability.

3. Partial denial of service vulnerability in ESXi hostd process
(CVE-2019-5528)

Description:

Multiple failed login attempts to ESXi may cause the hostd service to become
unresponsive, resulting in a partial denial of service for management
functionality. VMware has evaluated the severity of this issue to be in the
Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors:

A malicious actor with network access to an ESXi host could create a partial
denial of service condition in management functionality. Successful
exploitation of this issue may cause hostd to become unresponsive, resulting
in conditions such as an ESXi host disconnecting from vCenter.

Resolution:

To remediate this vulnerability, apply the patches listed in the 'Fixed
Version' column of the 'Resolution Matrix' found below.

Workarounds:

Workarounds are available for this issue; follow the instructions in the
documents linked in the 'Workarounds' section found below.

Additional Documentation:

None.

Acknowledgements:

None.

Notes:

  o If hostd becomes unresponsive due to CVE-2019-5528, the condition can be
    cleared by restarting the hostd service; it is not necessary to reboot
    the ESXi host.
  o Vulnerability scanners have been reported to trigger this vulnerability
    via multiple failed login attempts to ESXi.

Response Matrix:

+-------+-------+-------+-------------+------+--------+--------------------+-----------+----------+
|Product|Version|Running|CVE          |CVSSV3|Severity|Fixed Version       |Workarounds|Additional|
|       |       |On     |Identifier   |      |        |                    |           |Documents |
+-------+-------+-------+-------------+------+--------+--------------------+-----------+----------+
|ESXi   |6.7    |Any    |CVE-2019-5528|5.3   |Moderate|Patch Pending       |kb67920    |None      |
+-------+-------+-------+-------------+------+--------+--------------------+-----------+----------+
|ESXi   |6.5    |Any    |CVE-2019-5528|5.3   |Moderate|ESXi650-201907201-UG|kb67920    |None      |
+-------+-------+-------+-------------+------+--------+--------------------+-----------+----------+
|ESXi   |6.0    |Any    |CVE-2019-5528|N/A   |N/A     |Unaffected          |N/A        |N/A       |
+-------+-------+-------+-------------+------+--------+--------------------+-----------+----------+

4. References

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5528

Fixed Version(s) and Release Notes:

ESXi650-201907201-UG:
Downloads: https://my.vmware.com/group/vmware/patch
Documentation:
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-esxi-65u3-release-notes.html

Workarounds:
https://kb.vmware.com/s/article/67920

5. Change log

2019-07-09: VMSA-2019-0011
Initial security advisory detailing remediations and workarounds available
for ESXi.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com
  bugtraq@securityfocus.com
  fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2019 VMware Inc. All rights reserved.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================