VMware vCloud Director 9.1, 9.5, 9.7, 10.0 Workaround for CVE-2020-3956

Article ID: 320544

Products

VMware Cloud Director

Issue/Introduction

VMware vCloud Director 9.1.0.4, 9.5.0.6, 9.7.0.5 and 10.0.0.2 address a code injection vulnerability. The Common Vulnerabilities and Exposures project (https://cve.mitre.org) has assigned the identifier CVE-2020-3956 to this issue.

VMware released VMware Security Advisory VMSA-2020-0010 to help customers understand the issue and which upgrade path will fix it.

This article lists the recommended solution, upgrading to a patched release, and also provides a workaround for customers who cannot upgrade.


Environment

VMware Cloud Director for Service Provider 9.7.x
VMware Cloud Director for Service Provider 10.x
VMware Cloud Director for Service Provider 9.5.x

Resolution

Permanent fixes have been released and are documented in VMware Security Advisory VMSA-2020-0010.
Customers are strongly recommended to upgrade to one of the applicable fixed versions immediately.

Workaround:
If upgrading to a recommended version is not an option, you may apply this workaround for CVE-2020-3956 to vCloud Director 9.1, 9.5, 9.7 or 10.0 by performing the following steps on each Cell, one Cell at a time:

  1. Download the WA_CVE-2020-3956.sh script to the root directory of each vCloud Director Cell in the Server Group, and verify its checksum against the values listed under Additional Information before proceeding.
  2. Ensure that the 'zip' package is installed on the Cell.
    1. Appliances do not ship with the 'zip' package. It can be installed by running the command:
      1. tdnf install zip
    2. If vCloud Director is installed on Linux, consult the documentation for your distribution's package manager for steps on how to install the 'zip' package.
  3. Modify the ownership and permissions of the file so that only root can execute it:
    1. chown root:vcloud WA_CVE-2020-3956.sh
    2. chmod 740 WA_CVE-2020-3956.sh
  4. Execute the script as root:
    1. ./WA_CVE-2020-3956.sh
  5. Ensure the services on the current vCloud Director Cell have come back up before running the script on the next Cell:
    1. tail -f /opt/vmware/vcloud-director/logs/cell.log
    2. You should see entries like the following when the Cell has completed startup:
    3. Successfully verified transfer spooling area: /opt/vmware/vcloud-director/data/transfer
       Cell startup completed in Xm YYs
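The following shell functions wrap the steps above into a checked, repeatable procedure for one Cell. This is an added example written for this article, not VMware's WA_CVE-2020-3956.sh script or any other VMware code. It assumes the workaround script is in the current directory under the file name given above, uses the cell.log path and the "Cell startup completed" marker from step 5, and refuses to run the script unless its SHA-256 matches the value listed under Additional Information. Because cell.log already contains a "Cell startup completed" line from the previous boot, the wait function only searches log lines written after the script was started, which a plain grep over the whole file would get wrong.

```bash
#!/bin/bash
# Added example for the CVE-2020-3956 workaround procedure (not VMware's code).
# Assumptions: WA_CVE-2020-3956.sh is in the current directory; paths and the
# expected SHA-256 are taken from the KB article text.
set -u

WA_SCRIPT="WA_CVE-2020-3956.sh"
WA_SHA256="0b439ec44debd8028b1834b4cf5a598e3815088290c02adad4a2593953ebdbe2"
CELL_LOG="/opt/vmware/vcloud-director/logs/cell.log"
STARTUP_MARKER="Cell startup completed"

# verify_sha256 FILE EXPECTED
# Returns 0 only if FILE exists and its SHA-256 equals EXPECTED.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# wait_for_cell_startup LOG START_LINE TIMEOUT_SECONDS
# Polls LOG for the startup marker, but only in lines from START_LINE onward,
# so a marker left by the previous boot is not mistaken for the new one.
# Returns 0 when the marker appears, 1 if TIMEOUT_SECONDS elapse first.
wait_for_cell_startup() {
    local log="$1" start_line="$2" timeout="${3:-900}" waited=0
    while :; do
        if [ -f "$log" ] && tail -n +"$start_line" "$log" | grep -q "$STARTUP_MARKER"; then
            return 0
        fi
        [ "$waited" -lt "$timeout" ] || return 1
        sleep 5
        waited=$((waited + 5))
    done
}

# apply_workaround: steps 1-5 of the KB for the Cell this runs on (run as root).
apply_workaround() {
    if ! verify_sha256 "$WA_SCRIPT" "$WA_SHA256"; then
        echo "$WA_SCRIPT missing or SHA-256 mismatch; refusing to run it" >&2
        return 1
    fi
    if ! command -v zip >/dev/null 2>&1; then
        echo "'zip' is not installed (on the appliance: tdnf install zip)" >&2
        return 1
    fi
    # Remember where cell.log ends now; only lines after this count as the new startup.
    local start
    start=$(wc -l < "$CELL_LOG" 2>/dev/null || echo 0)
    start=$((start + 1))
    chown root:vcloud "$WA_SCRIPT" && chmod 740 "$WA_SCRIPT" || return 1
    "./$WA_SCRIPT" || return 1
    if wait_for_cell_startup "$CELL_LOG" "$start" 900; then
        echo "Cell startup completed; safe to proceed to the next Cell"
    else
        echo "Cell did not report startup within 15 minutes; check $CELL_LOG" >&2
        return 1
    fi
}
```

Source the file as root on a Cell and call apply_workaround; move to the next Cell only after it reports that startup completed. The checksum check is what makes the procedure safe to repeat across a Server Group: a corrupted or substituted script is rejected before it is made executable, rather than after it has restarted the service.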

Additional Information

Checksum details for the attached file WA_CVE-2020-3956.sh (verify the downloaded copy against these values before executing it):
  • sha1sum 61ad602f59afc80481f0caeb50f02026409eb1ae
  • sha256sum 0b439ec44debd8028b1834b4cf5a598e3815088290c02adad4a2593953ebdbe2
  • md5sum c53f2fff18bdab1a5aedb560ac1f5b44


Impact/Risks:
This workaround is applicable only to affected versions of VMware vCloud Director 9.1, 9.5, 9.7 and 10.0.
Do not apply this workaround to other VMware products or to other vCloud Director versions.


Note:
  • The WA_CVE-2020-3956.sh script will automatically restart the vCloud Director service when executed.
  • If the automated restart of the vCloud Director service fails, restart it manually by running the following command:
    • service vmware-vcd restart


Attachments

WA_CVE-2020-3956