vRealize Business for Cloud 7.x Workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479

Article ID: 332507

Products

VMware Aria Suite

Issue/Introduction

CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 have been determined to affect vRealize Business for Cloud 7.x. These vulnerabilities, their effect on VMware products, and VMware's overall response are documented in VMSA-2019-0010. Please review that advisory before continuing, as there may be considerations outside the scope of this particular document, including permanent solutions.

The vRealize Business for Cloud team has determined that the aforementioned issues can be mitigated by performing the steps detailed in the resolution section of this article. This workaround is meant to be a temporary solution only - permanent fixes will be released as soon as they are available.

Warning:

This workaround is applicable ONLY to vRealize Business for Cloud 7.x. Do not apply this workaround to other VMware products.

No functionality impacts.

Resolution

To implement the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, perform the following steps:

  1. Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or console.
  2. Run the following commands (each inserts a rule at the top of the INPUT chain that drops TCP SYN segments advertising an MSS of 1 to 500 bytes, for IPv4 and IPv6 respectively):

     iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
     ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP

To confirm that the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 has been correctly applied, perform the following steps:

  1. Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or console.
  2. Run the following commands; each should list the DROP rule containing a tcpmss match:

     iptables -L | grep tcpmss
     ip6tables -L | grep tcpmss


To remove the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 at a later time, perform the following steps:

  1. Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or console.
  2. Run the following commands (each deletes one matching rule; if the insert step was run more than once, repeat until the confirmation commands above return nothing):

     iptables -D INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
     ip6tables -D INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
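The three procedures above (apply, confirm, remove) combined into one script, as an added example that is not part of this KB article or of VMware's own tooling. It assumes the appliance's iptables supports the `-S` listing option (iptables 1.4.9 or later), that it runs as root, and the file name `mss_workaround.sh` is hypothetical. Unlike a bare `iptables -I`, it checks for the rule before inserting, so re-running the apply step on an appliance does not stack duplicate copies of the rule, and the remove step deletes every copy rather than only the first.

```shell
#!/bin/sh
# Added example, not VMware's own script: apply, confirm or remove the
# VMSA-2019-0010 iptables/ip6tables workaround on a vRealize Business for
# Cloud appliance idempotently. Assumes iptables >= 1.4.9 (for -S) and root.
# Usage: sh mss_workaround.sh apply|verify|remove
set -u

# Rule exactly as given in the KB: drop TCP SYN segments whose advertised
# MSS is between 1 and 500 bytes. Expanded unquoted on purpose so the shell
# splits it into separate iptables arguments.
RULE_SPEC="INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP"

# Substring that identifies the rule in `iptables -S INPUT` output, which
# prints it as "-A INPUT -p tcp -m tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP".
RULE_MATCH="--tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP"

# count_mss_rules TEXT: print how many workaround rules appear in captured
# `iptables -S INPUT` output (0 when absent). grep -c exits 1 for a count
# of 0, which is not an error here, hence the trailing "|| true".
count_mss_rules() {
    printf '%s\n' "$1" | grep -cF -e "$RULE_MATCH" || true
}

# rule_present BIN: succeed if BIN (iptables or ip6tables) already has the rule.
rule_present() {
    [ "$(count_mss_rules "$("$1" -S INPUT 2>/dev/null)")" -gt 0 ]
}

# ensure_rule BIN: insert the rule only if it is not there yet, so running
# the apply step twice does not leave two copies of the rule.
ensure_rule() {
    if rule_present "$1"; then
        echo "$1: workaround rule already present, nothing to do"
        return 0
    fi
    # shellcheck disable=SC2086  (intentional word splitting of RULE_SPEC)
    "$1" -I $RULE_SPEC || { echo "$1: failed to insert rule" >&2; return 1; }
    echo "$1: workaround rule inserted"
}

# remove_rule BIN: delete every copy of the rule (a single -D removes one).
remove_rule() {
    while rule_present "$1"; do
        # shellcheck disable=SC2086
        "$1" -D $RULE_SPEC || { echo "$1: failed to delete rule" >&2; return 1; }
    done
    echo "$1: workaround rule absent"
}

# verify_rule BIN: report the number of active copies, like the KB's
# `iptables -L | grep tcpmss` check but via -S (no reverse DNS lookups).
verify_rule() {
    n=$(count_mss_rules "$("$1" -S INPUT 2>/dev/null)")
    echo "$1: $n workaround rule(s) active"
    [ "$n" -gt 0 ]
}

main() {
    action=${1:-verify}
    rc=0
    for bin in iptables ip6tables; do
        if ! command -v "$bin" >/dev/null 2>&1; then
            echo "$bin: not found, skipping" >&2
            rc=1
            continue
        fi
        case "$action" in
            apply)  ensure_rule "$bin" || rc=1 ;;
            verify) verify_rule "$bin" || rc=1 ;;
            remove) remove_rule "$bin" || rc=1 ;;
            *) echo "usage: $0 apply|verify|remove" >&2; return 2 ;;
        esac
    done
    return "$rc"
}

# Act only when an action is given on the command line, so the file can
# also be sourced to reuse the functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run `sh mss_workaround.sh apply` once per appliance in the cluster, then `sh mss_workaround.sh verify`; the exit status is non-zero if either firewall binary is missing or a rule is not active, which makes the script usable from configuration management. Note that rules added with `iptables -I` are not persistent across a reboot unless the appliance's firewall configuration is saved separately, so the verify step is worth repeating after any restart.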

For up-to-date information on CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, as well as future security information, add your email address in the "Sign up for Security Advisories" section of VMSA-2019-0010.