This KB documents the workaround steps for VMSA-2023-0001.

Please note that the workarounds described in this document are meant to provide temporary mitigation for the vulnerabilities disclosed in VMSA-2023-0001.
To fully remediate the vulnerabilities VMware vRealize Log Insight must be upgraded to 8.10.2.

Download the KB90635_3.zip file from here.
Note: The file is posted on the download page for VMware vRealize Log Insight 8.10.2 but the same scripts can be executed on all versions of VMware vRealize Log Insight 8.x.  Please download the file from the above location for all supported versions.

This contains 2 files:

• KB90635.sh
• KB90635_validate.sh

Please ensure that the correct file, KB90635_3.zip is downloaded.

Workaround Instructions For VMSA-2023-0001

To apply the workaround for VMSA-2023-0001, perform the following steps for each vRealize Log Insight node in the cluster.

1. Log into the Primary node as root via SSH or Console.

2. Download the KB90635.sh file mentioned in the Purpose section to this KB and upload it into the /opt/vmware/bin/ folder of the node using an SCP utility.
3. Run the following commands to change the permissions of the KB90635.sh file and make it executable:

4. Run the following command to execute the KB90635.sh script:

/opt/vmware/bin/KB90635.sh setup

5. Proceed to the next node in the cluster and follow steps 1-4 on each node.

Do NOT delete the KB90635.sh file after remediation.  This file should remain at /opt/vmware/bin/KB90635.sh until the appliance is upgraded to version 8.10.2 or later.
 

Validation Steps For The Workaround

To validate the workaround for VMSA-2023-0001, perform the following steps for each vRealize Log Insight node in the cluster.

Important: Ensure that you have executed the steps above on ALL nodes on the cluster before proceeding with the validation.
 

1. Log into the Primary node as root via SSH or Console.

Note: If you do not know your root password, see How to reset the root password in VMware Aria Operations for Logs.
Note: If you are unable to connect to vRealize Log Insight, see The VMware Aria Operations for Logs root partition is full.

2. Download the KB90635_validate.sh file mentioned in the Purpose section and upload it into the /opt/vmware/bin/ folder of the node using an SCP utility.
3. Run the following commands to change the permissions of the KB90635_validate.sh file and make it executable:

chmod +x /opt/vmware/bin/KB90635_validate.sh
chmod 755 /opt/vmware/bin/KB90635_validate.sh

4. Run the following command to execute the KB90635_validate.sh script:

/opt/vmware/bin/KB90635_validate.sh

Note: Ensure that all nodes in the cluster are listed in the output.

Example:

5. The script will continue to execute the required steps.  Follow the output and ensure that no errors are reported.  Upon successful completion, a message similar to the below will be displayed:

Do NOT delete the KB90635.sh file after remediation.  This file should remain at /opt/vmware/bin/KB90635.sh until the appliance is upgraded to version 8.10.2 or later.

1. Log into the Primary node as root via SSH or Console.
2. Run the following command on the Primary node to a execute the KB90635.sh script against the new node:

3. Join the new node to the cluster as normal and wait for successful initialization.
4. Log into the new node as root via SSH or Console.
5. Run the following command to execute the KB90635.sh script:

6. On all nodes in the cluster, run the following commands to restart the KB90635.sh script: