VMware vCloud Director 9.1, 9.5, 9.7, 10.0 Workaround for CVE-2020-3956
Article ID: 320544
Products
VMware Cloud Director
Issue/Introduction
VMware vCloud Director 9.1.0.4, 9.5.0.6, 9.7.0.5 and 10.0.0.2 address a code injection vulnerability. The Common Vulnerabilities and Exposures project (https://cve.mitre.org) has assigned the identifier CVE-2020-3956 to this issue.
VMware released VMware Security Advisory VMSA-2020-0010 to help customers understand the issue and which upgrade path will fix it.
This article lists the recommended solution, upgrading to a patched release, and also provides a workaround for customers who cannot upgrade.
Environment
VMware Cloud Director for Service Provider 9.5.x
VMware Cloud Director for Service Provider 9.7.x
VMware Cloud Director for Service Provider 10.x
Resolution
Permanent fixes have been released and are documented in VMware Security Advisory VMSA-2020-0010. Customers are strongly recommended to upgrade to one of these applicable versions immediately.
Workaround: If upgrading to a recommended version is not an option, apply the workaround for CVE-2020-3956 on 9.1, 9.5, 9.7 or 10.0 by performing the following steps:
Download the WA_CVE-2020-3956.sh script to the root directory of each vCloud Director cell in the server group.
Ensure that the 'zip' package is installed on your system.
Appliances do not ship with the 'zip' package. It can be installed by running the command:
tdnf install zip
If vCloud Director is installed on Linux, consult the documentation for the distribution's package manager for steps on how to install the 'zip' package.
Modify the permissions of the file to allow execution
chown root:vcloud WA_CVE-2020-3956.sh
chmod 740 WA_CVE-2020-3956.sh
Execute the script
./WA_CVE-2020-3956.sh
Ensure the services on the current vCloud Director cell have come up before running the script on subsequent cells. Running the script on several cells at once takes them all down together.
tail -f /opt/vmware/vcloud-director/logs/cell.log
You should see entries like the following when the cell has completed startup:
Successfully verified transfer spooling area: /opt/vmware/vcloud-director/data/transfer
Cell startup completed in Xm YYs
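The steps above can be wrapped so that a cell is not left half-done and the operator cannot move on before the cell is back. The POSIX shell wrapper below is an added example, not VMware's WA_CVE-2020-3956.sh and not part of this KB; it assumes sha256sum is available on the cell and that the operator sets EXPECTED_SHA256 from the checksum published for the script (the checksum values are not reproduced here). The variable names (SCRIPT, CELL_LOG, POLL_INTERVAL) and function names are hypothetical. The one caveat it handles is that earlier restarts leave "Cell startup completed" lines in cell.log, so the wait step only looks at lines written after the script was launched.

```shell
#!/bin/sh
# Added example, not VMware's WA_CVE-2020-3956.sh: wraps the KB steps for one cell.
# Assumptions (not from the KB): sha256sum is present, and the operator exports
# EXPECTED_SHA256 from the checksum published with the script.
set -e

SCRIPT="${SCRIPT:-WA_CVE-2020-3956.sh}"
CELL_LOG="${CELL_LOG:-/opt/vmware/vcloud-director/logs/cell.log}"
EXPECTED_SHA256="${EXPECTED_SHA256:-}"
POLL_INTERVAL="${POLL_INTERVAL:-5}"

# The workaround script needs zip; the appliance does not ship it (tdnf install zip).
have_zip() {
    command -v zip >/dev/null 2>&1
}

# Refuse to run a script whose SHA-256 does not match the operator-supplied value.
verify_script() {
    file="$1"
    [ -n "$EXPECTED_SHA256" ] || { echo "EXPECTED_SHA256 is not set" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$EXPECTED_SHA256" ]
}

# Wait up to $3 seconds for a "Cell startup completed" line written AFTER line $2
# of log $1. Earlier restarts leave the same marker in the log, so grepping the
# whole file would report success before this restart has actually finished.
wait_for_cell_startup() {
    log="$1"; skip="$2"; timeout="$3"; elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if tail -n +"$((skip + 1))" "$log" 2>/dev/null | grep -q "Cell startup completed"; then
            return 0
        fi
        sleep "$POLL_INTERVAL"
        elapsed=$((elapsed + POLL_INTERVAL))
    done
    echo "cell did not report startup within ${timeout}s; check $log" >&2
    return 1
}

# Apply the workaround on this cell and block until the cell reports startup,
# so the operator only moves to the next cell once this one is serving again.
apply_workaround() {
    have_zip || { echo "zip is required (appliance: tdnf install zip)" >&2; return 1; }
    verify_script "$SCRIPT" || { echo "checksum mismatch for $SCRIPT" >&2; return 1; }
    chown root:vcloud "$SCRIPT"
    chmod 740 "$SCRIPT"
    mark=$(wc -l < "$CELL_LOG")   # remember where the log ends before the restart
    "./$SCRIPT"                   # restarts the vCloud Director service itself
    wait_for_cell_startup "$CELL_LOG" "$mark" 900
}

case "${1:-}" in
    apply) apply_workaround ;;
esac
```

Run it as root on one cell at a time, for example `EXPECTED_SHA256=<published value> sh apply_wa.sh apply`, and only start the next cell once it exits 0. A non-zero exit after the timeout means the cell did not log startup completion; inspect cell.log and restart the service manually before touching any other cell.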
Additional Information
Checksum details for attached file - WA_CVE-2020-3956.sh
Impact/Risks: This workaround applies only to affected versions of VMware vCloud Director 9.1, 9.5, 9.7 and 10.0. Do not apply this workaround to other VMware products.
Note:
The WA_CVE-2020-3956.sh script will automatically restart the vCloud Director service when executed.
If issues are encountered with the automated restart of the vCloud Director service, you can do so manually by running the following command: