Workaround for BlazeDS CVE-2017-5641 for vCenter Server 6.5

Article ID: 328083

Updated On:

Products

VMware

Issue/Introduction

There is a critical vulnerability tracked by CVE-2017-5641. This vulnerability affects the vCenter Server Appliance and vCenter Server on Windows.

This article provides a workaround for the security issue CVE-2017-5641 by removing the telemetry plugins of vSphere Web Client. Before applying the workaround, see VMSA-2017-0007 for fixes and up-to-date information on this vulnerability.

The following versions of the vCenter Server Appliance and vCenter Server are affected by CVE-2017-5641:
  • VMware vCenter Server Appliance 6.5
  • VMware vCenter Server 6.5

Functionality Impact: The Customer Experience Improvement Program will stop working, so vCenter and vSphere Web Client telemetry data will no longer be sent to VMware.


Resolution

This issue is resolved in vCenter Server 6.5 c available at VMware Downloads.

To work around this issue, remove the telemetry plugins.

For vCenter Server 6.5 on Windows
  1. Log in as an administrator to the Windows machine.
  2. Open the command prompt.
  3. Run this command to navigate to C:\Program Files\VMware\vCenter Server\vmon:

    cd C:\Program Files\VMware\vCenter Server\vmon

  4. Run this command to stop the vSphere Web Client service:

    vmon-cli -k vsphere-client

  5. Back up the contents of C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\work and C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\pickup.

  6. Run this command to remove the contents of the vSphere Web Client work directory:

    rmdir "C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\work" /s /q

  7. Run this command to remove the contents of the pickup directory:

    del "C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\pickup\*" /q

  8. Back up the following files located at C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\plugin-packages\telemetry\plugins\.

    • ceip-service-6.1.0.jar
    • ceip-ui-war-6.1.0.war
    • telemetry-service-6.1.0.jar
    • telemetry-ui-war-6.1.0.war

  9. Remove the following files under C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\plugin-packages\telemetry\plugins\.

    • ceip-service-6.1.0.jar
    • ceip-ui-war-6.1.0.war
    • telemetry-service-6.1.0.jar
    • telemetry-ui-war-6.1.0.war

  10. Run this command to navigate to C:\Program Files\VMware\vCenter Server\vmon:

    cd C:\Program Files\VMware\vCenter Server\vmon

  11. Run this command to start the vSphere Web Client service:

    vmon-cli -i vsphere-client

For vCenter Server Appliance 6.5
  1. Connect to the vCenter Server Appliance with an SSH session.
  2. Run this command to stop the vSphere Web Client service:

    /usr/lib/vmware-vmon/vmon-cli -k vsphere-client

  3. Back up the contents of the /usr/lib/vmware-vsphere-client/server/work/ directory.
  4. Run this command to remove the contents of the vSphere Web Client work directory:

    rm -rf /usr/lib/vmware-vsphere-client/server/work/*

  5. Back up the contents of the /usr/lib/vmware-vsphere-client/server/pickup/ directory.
  6. Run this command to remove the contents of the pickup directory:

    rm /usr/lib/vmware-vsphere-client/server/pickup/*

  7. Back up the following files under /usr/lib/vmware-vsphere-client/plugin-packages/telemetry/plugins/.

    • ceip-service-6.1.0.jar
    • ceip-ui-war-6.1.0.war
    • telemetry-service-6.1.0.jar
    • telemetry-ui-war-6.1.0.war

  8. Remove the following files under /usr/lib/vmware-vsphere-client/plugin-packages/telemetry/plugins/.

    • ceip-service-6.1.0.jar
    • ceip-ui-war-6.1.0.war
    • telemetry-service-6.1.0.jar
    • telemetry-ui-war-6.1.0.war

  9. Run this command to start the vSphere Web Client service:

    /usr/lib/vmware-vmon/vmon-cli -i vsphere-client
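
The following shell functions are an added example, not VMware's own tooling: they carry out appliance steps 7 and 8 with a verified backup before each deletion, and report any of the four plugin files still present afterwards. The backup location /root/cve-2017-5641-backup and the function names are assumptions; run the functions while the vSphere Web Client service is stopped.

```shell
#!/bin/sh
# Added example: back up, then remove, the four telemetry plugin files named in
# the steps above, and confirm none remain. PLUGIN_DIR defaults to the appliance
# path given in this article; BACKUP_DIR is an assumed location.
PLUGIN_DIR="${PLUGIN_DIR:-/usr/lib/vmware-vsphere-client/plugin-packages/telemetry/plugins}"
BACKUP_DIR="${BACKUP_DIR:-/root/cve-2017-5641-backup}"
PLUGIN_FILES="ceip-service-6.1.0.jar ceip-ui-war-6.1.0.war telemetry-service-6.1.0.jar telemetry-ui-war-6.1.0.war"

# Print each listed plugin file still present; return 0 only if none remain.
remaining_plugins() {
    dir=$1; found=0
    for f in $PLUGIN_FILES; do
        if [ -e "$dir/$f" ]; then
            echo "$f"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Copy each file to the backup directory, verify the copy byte for byte, and
# only then delete the original. Stops at the first failed copy, so a plugin is
# never removed without a good backup (needed to reverse the workaround).
backup_and_remove_plugins() {
    src=$1; dst=$2
    mkdir -p "$dst" || return 1
    for f in $PLUGIN_FILES; do
        [ -e "$src/$f" ] || continue          # already removed: nothing to do
        cp -p "$src/$f" "$dst/$f" || return 1
        cmp -s "$src/$f" "$dst/$f" || return 1
        rm -f "$src/$f" || return 1
    done
    remaining_plugins "$src" >/dev/null
}

# Typical use on the appliance, after stopping the service (step 2) and before
# starting it again (step 9):
#   backup_and_remove_plugins "$PLUGIN_DIR" "$BACKUP_DIR" && echo "telemetry plugins removed"
#   remaining_plugins "$PLUGIN_DIR" || echo "workaround NOT fully applied"
```

Other files in the plugins directory are left untouched, and the backup directory holds exactly the files needed for the reversal steps.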


Additional Information

Process to verify the workaround was applied:
  1. Open Developer Tools in Chrome, Firefox or IE and go to the Network tab.
  2. Refresh the browser and observe that the removed module telemetry-ui is not downloaded in the browser.

Steps to reverse the workaround:
  1. Stop the vSphere Web Client service.
  2. Restore all the deleted plugin files to their original location.
  3. Start the vSphere Web Client service.