VMSA-2015-0007 Report

On October 1st 2015 VMware published Security Advisory VMSA-2015-0007. In that advisory you will find three vulnerabilities: CVE-2015-5177, CVE-2015-2342 and CVE-2015-1047.

VMSA-2015-0007

To anticipate the questions you will surely get from your local Security Officer, I created a function to report which vSphere Servers in your environment are impacted, and which action to take.

Update October 5th 2015:

  • Updated build numbers in $vmsaTab
  • Corrected build number testing (thanks Richard)

The Script

Annotations

Line 17-85: The correlation between each of the vulnerabilities, the vSphere Server version and build and the fix mentioned in VMSA-2015-0007. Note that KB1014508, where one can normally find all update levels and the corresponding build number, is missing some of the proposed solutions from VMSA-2015-0007. For these I tried to determine the desired build number from the Product Download page under MyVMware. Also note that the Product Patches page under MyVMware, doesn’t seem to use the same terminology that is used in VMSA-2015-0007.

Line 91: the script uses the connected vCenters, as available in $Global:DefaultVIServers, to scan. It’s important that you connect to the vCenter(s) before you call the function.

Sample Usage

The function will look at all connected vCenters. It uses the values in $Global:DefaultVIServers to find these connected vSphere vCenters. For each vCenter it will query all connected ESXi servers.

The function returns an object array with all results from the investigation. When you redirect the result to a CSV file, you will get something like this.

patch

Note that CVE-2015-1047 and CVE-2015-2342 list different fix levels for the vCenter. The report lists the build corresponding with the CVE (Common Vulnerabilities and Exposures). You should of course apply the highest build, that way you will comply with both requirements.

Should you find any discrepancies in the product, versions and build numbers, please let me know.

Enjoy!

10 Comments

    Joe

    How do you execute this script? I saved the it as a .ps1 but when I run it as shown above, nothing happens. I run it after connecting to VC

      LucD

      Hi Joe,
      In the .ps1 file you copy the Get-VMSA-2015-0007 function.
      At the end of the .ps1 file you call the function, just a line with Get-VMSA-2015-0007 on it.
      Then run the .ps1 file

    Matt

    Are you sure the vCenter 5.5 Update 3 build number is correct? According to http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508, it should be 3000241.

      LucD

      Thanks, I also noticed that on that page it says 3000241.
      But on the download site it says 3000346 for vCenter and 3000347 for VCSA.
      In fact I’m not sure which of these it should be 🙁

      Update: if someone has vCenter 5.5 Update 3 running, can you check what the build number is ?

      vCenter 5.5 Update 3 build

        Aaron Rogers

        Mine shows 3000241 as the build number in the vSphere Client.

          LucD

          Thanks, does the report also show 3000241 ?
          It gets the build from the vSphere object.

          LucD

          I got confirmation from others that it indeed shows 3000241.
          The value in the script has been updated

            Matt

            Yeah, it’s really confusing. If you look at the vCenter object in the vSphere client, the build number shows as 3000241. But if you log into the appliance VAMI page and look at the system tab, it shows 3000347.

            But the script seems to be working now with 3000241.

    Robert van den Nieuwendijk

    Nice script!

    In the current version there is a typo. There should be a { after the else on line 133.

      LucD

      Thanks for spotting that.
      Corrected.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

16 − 16 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.