How to mitigate VMware vIDM local privilege escalation vulnerability

Aug 24, 2016

VMware has issued a new security advisory, VMSA-2016-0013, which addresses two critical vulnerabilities in VMware products: CVE-2016-5335 and CVE-2016-5336.

These are severe vulnerabilities that affect VMware Identity Manager and vRealize Automation software.

VMware vRealize Automation (vRA) is used in cloud environments to automate the delivery of infrastructure, applications and IT services.

VMware Identity Manager (vIDM) is used for application provisioning, conditional access controls and Single Sign-On (SSO) for cloud and mobile applications.

What is local privilege escalation vulnerability – CVE-2016-5335?

Every user account in a software application has a certain set of privileges assigned to it. A lower-level user account has only a limited set of privileges compared to a higher-level account.

A design flaw in the software, however, can let an attacker who has gained access to a low-privilege account obtain higher access. This is called a local privilege escalation vulnerability.

Local privilege escalation (CVE-2016-5335) can result in hackers gaining super user access and performing unauthorized actions in the system or accessing confidential information.

As a result, this vulnerability is critical, and the fix has to be applied immediately to avoid compromising your data.

What is remote code execution vulnerability – CVE-2016-5336?

Remote code execution refers to an attacker on one machine running arbitrary code on another machine by exploiting a weakness in it.

The hackers scan for open ports or vulnerable accounts in the applications and gain access to them. With this access, they can execute malicious code in the system.

Malicious remote code execution can lead to hackers gaining a user's privileges and obtaining critical information from your system.

To safeguard your information and system, it is critical to fix this vulnerability.

Are you vulnerable?

Local privilege escalation (CVE-2016-5335) reportedly affects both vIDM 2.x and vRA 6.x and 7.0.x versions of VMware products.

If you are using a VMware cloud product such as VMware Workspace and are running these versions of the software, your risk is very severe and you need an immediate fix.

The remote code execution vulnerability (CVE-2016-5336) only affects vRA 7.0.x products. Port 40002 on the nodes is exploited to gain access to the application.

However, the exploit is an important one and requires an immediate fix.

What’s the permanent fix?

The permanent fix recommended by VMware is to update vIDM to version 2.7 and vRA to version 7.1 as soon as possible.

Until you can upgrade, there is a workaround for the remote code execution vulnerability (CVE-2016-5336) that can be applied to vRA 7.0.x products.

How to implement the workaround?

The solution is to block access to port 40002 on the nodes in the High Availability cluster using the iptables firewall:

iptables -A INPUT -p tcp --dport 40002 -j DROP

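Before blocking all connections to the port from outside, it is important to allow access from the other nodes in the cluster so that the cluster keeps functioning properly. iptables evaluates the rules of a chain in order, so the rules that accept traffic from the cluster nodes must be added ahead of the DROP rule.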
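
The following is an added example, not part of the original article or of VMware's advisory: a shell helper that prints the workaround rules in the required order, an ACCEPT rule for each cluster node followed by the DROP rule for everyone else. The function names are hypothetical, the peer addresses are constructed sample values, and refusing to print a DROP rule when no peers are given is a safety choice made for this example.

```shell
#!/bin/sh
# Added example: print ordered iptables rules for the CVE-2016-5336 workaround.
# Peer addresses below are constructed sample values, not taken from the advisory.

PORT=40002

# Return 0 only if $1 is a dotted-quad IPv4 address with every octet in 0-255.
# Anything else (hostnames, shell metacharacters, empty input) is rejected so
# that no untrusted text ends up inside a firewall command.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one node. All peers are validated before anything is
# printed, so a typo never yields a partial rule set that locks out the cluster.
vra_port_rules() {
    [ "$#" -gt 0 ] || { echo "error: no cluster peers given" >&2; return 2; }
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "error: bad peer address: $peer" >&2; return 2; }
    done
    # -A appends, and a chain is evaluated top-down: ACCEPT rules go first.
    for peer in "$@"; do
        echo "iptables -A INPUT -p tcp -s $peer --dport $PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $PORT -j DROP"
}

# Print the rules for review; nothing is applied to the firewall here.
vra_port_rules 192.0.2.11 192.0.2.12
```

Review the printed commands, then run them as root on each node, listing the other nodes of that cluster as peers.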

In short

Today we’ve seen how we perform the workaround for VMware vulnerabilities CVE-2016-5335 and CVE-2016-5336 in cloud management hosting.

Our 24/7 security expert team keeps track of all the emerging vulnerabilities and this helps us to implement the fixes promptly in our clients’ servers before a hack occurs.

We also perform periodic server audits and pro-active server management services to secure the servers and protect them from hacks or exploits.

Bobcares helps online businesses of all sizes achieve world-class security and uptime, using tried and tested solutions. If you’d like to know how to make your server more reliable, we’d be happy to talk to you.

 
