Additional patch for security issue CVE-2015-2342 for vCenter Server 5.x on Windows
search cancel

Additional patch for security issue CVE-2015-2342 for vCenter Server 5.x on Windows

book

Article ID: 340961

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

For the security issue CVE-2015-2342 documented in VMSA-2015-0007.2, a partial fix is available for certain vCenter Server versions. A partial fix does not properly address the JMX security issue documented in VMSA-2015-0007. This may lead to remote code execution and local privilege escalation. If Windows Firewall is enabled on the Windows system that runs vCenter Server, remote code execution is not possible.

The following versions of vCenter Server have a partial fix for the CVE-2015-2342 issue:
  • vCenter Server Windows 5.0 Update 3e
  • vCenter Server Windows 5.1 Update 3b
  • vCenter Server Windows 5.5 Update 3
  • vCenter Server Windows 5.5 Update 3a
  • vCenter Server Windows 5.5 Update 3b
The following versions of vCenter Server have a complete fix for the CVE-2015-2342 issue:
  • vCenter Server Windows 6.0.0b and above
  • vCenter Server Appliance 6.0.0b and above
The following versions of vCenter Server do not have a fix for the CVE-2015-2342 issue:
  • vCenter Server Windows 5.0 Update 3d and below
  • vCenter Server Windows 5.1 Update 3a and below
  • vCenter Server Windows 5.5 Update 2e and below
  • vCenter Server Windows 6.0.0a and below
  • vCenter Server Appliance 5.0 Update 3d and below
  • vCenter Server Appliance 5.1 Update 3a and below
  • vCenter Server Appliance 5.5 Update 2e and below
  • vCenter Server Appliance 6.0.0a and below


Environment

VMware vCenter Server 5.1.x
VMware vCenter Server 5.5.x
VMware vCenter Server 5.0.x

Resolution

For vCenter Server versions on Windows that have a partial fix, installing the additional patch completes the fix for CVE-2015-2342. This patch is installed by running the attached script or by manually replacing the vSphere Web Client configuration file (wrapper.conf).

Warning: The additional patch can be applied only to the vCenter Server versions on Windows that have a partial fix. If the patch is applied to a version of vCenter Server that has no fix or a complete fix, the system will no longer function properly.

Steps to programmatically replace the vSphere Web Client configuration file

The script stops the vSphere Web Client service, and creates a back up of the wrapper.conf file in the directory. The script makes the necessary changes to the wrapper.conf file, and restarts the vSphere Web Client service. It generates a log file in the same directory where the command was executed.

  1. Download the JMX-Scripts-V2.zip script from the attachment.
  2. Unzip the package in the Windows machine where the vSphere Web Client is installed, and check the SHA-1 checksum of the individual files.

    Note: Checksum information is available at the bottom of this section.

  3. Launch the command prompt with administrator privileges.
  4. Use the script that matches with your installed VMware vSphere Web Client version.

    • VMware vSphere Web Client 5.0 update 3e - JMXScript5.0.vbs
    • VMware vSphere Web Client 5.1 update 3b - JMXScript5.1.vbs
    • VMware vSphere Web Client 5.5 update 3, 3a, and 3b - JMXScript5.5.vbs

  5. Run the following command:

    cscript JMXScript5.<x>.vbs "<location_of_wrapper.conf_file>"

    You must enter the location of the wrapper.conf file within double quotes. The default location of the wrapper.conf file on Windows environment is:

    • For vCenter Server 5.0: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf\wrapper.conf
    • For vCenter Server 5.1: C:\Program Files\VMware>\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf
    • For vCenter Server 5.5: C:\Program Files\VMware>\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf

    Important: Check for the Finish script execution message in the jmxscript.log file to confirm the execution of the script. Location of the log file is same as the folder from where the script is executed.

For custom vSphere Web Client locations, provide the wrapper.conf file path as input in the cscript command.

Steps to manually replace the vSphere Web Client configuration file

For vCenter Server 5.5 Update 3, 5.5 Update 3a and 5.5 Update 3b

  1. Stop the VMware vSphere Web Client service on the Windows machine where it is installed. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).
  2. Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.

    Note: The default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf.

  3. Download the attached 2144428_wrapper.conf-AP5.5.zip and extract the file, check its SHA-1 checksum.

    Note: Checksum information is available at the bottom of this section.

  4. Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf.
  5. Rename the wrapper.conf-AP5.5 file as wrapper.conf.
  6. Start the VMware vSphere Web Client service.

For vCenter Server 5.1 Update 3b

  1. Stop the VMware vSphere Web Client service on the Windows machine where it is installed. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).
  2. Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.

    Note: The Default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf.

  3. Download the attached 2144428_wrapper.conf-AP5.1.zip and extract the file, check its SHA-1 checksum.

    Note: Checksum information is available at the bottom of this section.

  4. Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf.
  5. Rename the wrapper.conf-AP5.1 file as wrapper.conf.
  6. Start the VMware vSphere Web Client service.

For vCenter Server 5.0 Update 3e

  1. Stop the VMware vSphere Web Client service on the Windows machine where it is installed.
  2. Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.

    Default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf\wrapper.conf.

  3. Download the attached 2144428_wrapper.conf-AP5.0.zip and extract the file, check its SHA-1 checksum.

    Note: Checksum information is available at the bottom of this section.

  4. Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf.
  5. Rename the wrapper.conf-AP5.0 file as wrapper.conf.
  6. Start the VMware vSphere Web Client service.

Note: After applying the additional patch, the VMware vSphere Web Client service does not listen on port 9875. Any Windows Firewall rules that open the port 9875 can be deleted manually.

SHA-1 Checksums

  • JMXSCript5.0-md5: EE089F61369E0B10C7AF64B293CCAD54
  • JMXSCript5.1-md5: 68578DC725E322454FF4EE403FA8026E
  • JMXSCript5.5-md5: DA5AD368D7C8C77BDB12F20F01A3779C

SHA-1 Checksums for individual wrapper.conf files

  • wrapper.conf-AP5.0: d72dcad1e3ad7e27846916308aa416ab
  • wrapper.conf-AP5.1: 29cfef283bdd8f71035ab15fed8d57c9
  • wrapper.conf-AP5.5: a191b225dddebd25ac80582f429f6f2c

Additional Information

For translated versions of this article, see:

Attachments

2144428_wrapper.conf-AP5.0.conf.zip get_app
2144428_wrapper.conf-AP5.5.conf.zip get_app
2144428_JMX-Scripts-V2.zip get_app
2144428_wrapper.conf-AP5.1.conf.zip get_app
Powered by Wolken Software