<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Vulnerability Archives - LucD notes</title>
	<atom:link href="https://www.lucd.info/category/vsphere/vulnerability/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.lucd.info/category/vsphere/vulnerability/</link>
	<description>My PowerShell ramblings</description>
	<lastBuildDate>Tue, 06 Oct 2015 06:13:27 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9</generator>

<image>
	<url>https://www.lucd.info/wp-content/uploads/2018/12/cropped-120px-Tibetan_Dharmacakra-32x32.png</url>
	<title>Vulnerability Archives - LucD notes</title>
	<link>https://www.lucd.info/category/vsphere/vulnerability/</link>
	<width>32</width>
	<height>32</height>
</image> 
<atom:link rel="hub" href="https://pubsubhubbub.appspot.com"/><atom:link rel="hub" href="https://pubsubhubbub.superfeedr.com"/><atom:link rel="hub" href="https://websubhub.com/hub"/>	<item>
		<title>VMSA-2015-0007 Report</title>
		<link>https://www.lucd.info/2015/10/04/vmsa-2015-0007-report/</link>
					<comments>https://www.lucd.info/2015/10/04/vmsa-2015-0007-report/#comments</comments>
		
		<dc:creator><![CDATA[LucD]]></dc:creator>
		<pubDate>Sun, 04 Oct 2015 11:40:09 +0000</pubDate>
				<category><![CDATA[ESXi]]></category>
		<category><![CDATA[PowerShell]]></category>
		<category><![CDATA[vCenter]]></category>
		<category><![CDATA[VMSA-2015-0007]]></category>
		<category><![CDATA[vSphere]]></category>
		<category><![CDATA[Vulnerability]]></category>
		<category><![CDATA[CVE-2015-1047]]></category>
		<category><![CDATA[CVE-2015-2342]]></category>
		<category><![CDATA[CVE-2015-5177]]></category>
		<category><![CDATA[PowerCLI]]></category>
		<category><![CDATA[report]]></category>
		<guid isPermaLink="false">http://www.lucd.info/?p=4990</guid>

					<description><![CDATA[On October 1st 2015 VMware published Security Advisory VMSA-2015-0007. In that advisory you [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>On October 1st 2015 VMware published Security Advisory <a href="https://www.vmware.com/security/advisories/VMSA-2015-0007.html" target="_blank">VMSA-2015-0007</a>. In that advisory you will find three vulnerabilities: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177" target="_blank">CVE-2015-5177</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342" target="_blank">CVE-2015-2342</a> and <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047" target="_blank">CVE-2015-1047</a>.</p>
<p style="padding-left: 30px;"><a href="https://www.lucd.info/2015/10/04/vmsa-2015-0007-report/vmsa-2015-0007/" rel="attachment wp-att-4992"><img fetchpriority="high" decoding="async" class="alignnone size-full wp-image-4992" src="https://lucd.info/wp-content/uploads/2015/10/VMSA-2015-0007.png" alt="VMSA-2015-0007" width="340" height="153" srcset="https://www.lucd.info/wp-content/uploads/2015/10/VMSA-2015-0007.png 340w, https://www.lucd.info/wp-content/uploads/2015/10/VMSA-2015-0007-300x135.png 300w" sizes="(max-width: 340px) 100vw, 340px" /></a></p>
<p>To anticipate the questions you will surely get from your local <strong>Security Officer</strong>, I created a function to report which <strong>vSphere Servers</strong> in your environment are impacted, and which action to take.</p>
<p><span style="background-color: #ffff00;">Update October 5th 2015</span>:</p>
<ul>
<li>Updated build numbers in <strong>$vmsaTab</strong></li>
<li>Corrected build number testing (thanks <a href="https://twitter.com/RichardKenyan" target="_blank">Richard</a>)</li>
</ul>
<p><span id="more-4990"></span></p>
<h2>The Script</h2>
<p></p><pre class="urvanov-syntax-highlighter-plain-tag">function Get-VMSA-2015-0007
{
&lt;#
.SYNOPSIS  Report on VMSA-2015-0007 vulnerabilities
.DESCRIPTION The function will look at all connected
  vSphere servers ($global:defaultviservers), and 
  report which ones are impacted by VMSA-2015-0007,
  and which action to take
.NOTES  Author:  Luc Dekens
.EXAMPLE
  PS&gt; Get-VMSA-2015-0007
#&gt;
  
  Begin
  {
  
    $vmsaTab = @(
      @{
        Vulnerability = 'CVE-2015-5177'
        Product = 'VMware ESXi'
        Safe = @(
          @{
            Version = '5.5'
            Build = '3029837'
            Action = 'ESXi550-201509101'
          },
          @{
            Version = '5.1'
            Build = '3021178'
            Action = 'ESXi510-201510101'
          },
          @{
            Version = '5.0'
            Build = '3021432'
            Action = 'ESXi500-201510101'
          }
        )
      },
      @{
        Vulnerability = 'CVE-2015-2342'
        Product = 'VMware vCenter Server'
        Safe = @(
          @{
            Version = '6.0'
            Build = '3018521'
            Action = '6.0 u1'
          },
          @{
            Version = '5.5'
            Build = '3000241'
            Action = '5.5 u3'
          },
          @{
            Version = '5.1'
            Build = '3072311'
            Action = '5.1 u3b'
          },
          @{
            Version = '5.0'
            Build = '3073234'
            Action = '5.0 u3e'
          }
        )
      },
      @{
        Vulnerability = 'CVE-2015-1047'
        Product = 'VMware vCenter Server'
        Safe = @(
          @{
            Version = '5.5'
            Build = '2063318'
            Action = '5.5u2'
          },
          @{
            Version = '5.1'
            Build = '2308385'
            Action = '5.1u3'
          },
          @{
            Version = '5.0'
            Build = '3073234'
            Action = '5.0u3e'
          }
        )
      }
    )
  }
  
  Process
  {
    foreach($vc in $global:DefaultVIServers){
      Foreach($dc in (Get-Datacenter -Server $vc)){
        Foreach($esx in Get-VMHost -Location $dc -Server $vc){
          $product = $esx.ExtensionData.Config.Product
          foreach($entry in ($vmsaTab | where{$_.Product -eq $product.Name})){
            $esx | Select @{N='vCenter';E={$vc.Name}},
              @{N='Datacenter';E={$dc.Name}},
              @{N='Cluster';E={$_.Parent}},
              @{N='Name';E={$_.Name.Split('.')[0]}},
              @{N='Product';E={$product.Name}},
              Version,
              Build,
              @{N='CVE';E={$entry.Vulnerability}},
              @{N='Safe';E={
                $script:entrySafe = $entry.Safe | where{$esx.Version -match &quot;^$($_.Version)&quot;}
                if($script:entrySafe -ne $null){
                  if([int]$esx.Build -ge [int]$script:entrySafe.Build){[string]$true}else{[string]$false} 
                }
                else{'na'}
              }},
              @{N='Action';E={
                if($script:entrySafe -ne $null){
                  $script:entrySafe.Action
                }
                else{'na'}
              }}
          }
        }
      }
      $product = $vc.ExtensionData.Content.About
      foreach($entry in ($vmsaTab | where{$_.Product -eq $product.Name})){
        $vc | Select @{N='vCenter';E={$vc.Name}},
          @{N='Datacenter';E={''}},
          @{N='Cluster';E={''}},
          @{N='Name';E={$_.Name.Split('.')[0]}},
          @{N='Product';E={$product.Name}},
          Version,
          Build,
          @{N='CVE';E={$entry.Vulnerability}},
          @{N='Safe';E={
            $script:entrySafe = $entry.Safe | where{$vc.Version -match &quot;^$($_.Version)&quot;}
            if($script:entrySafe -ne $null){
              if([int]$vc.Build -ge [int]$script:entrySafe.Build){[string]$true}else{[string]$false}
            }
            else{'na'}
          }},
          @{N='Action';E={
            if($script:entrySafe -ne $null){
              $script:entrySafe.Action
            }
            else{'na'}
          }}
      }
    }
  }
}</pre><p></p>
<h3>Annotations</h3>
<p><strong>Line 17-85</strong>: The correlation between each of the vulnerabilities, the vSphere Server version and build, and the fix mentioned in VMSA-2015-0007. Note that <a href="https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;cmd=displayKC&amp;externalId=1014508" target="_blank">KB<span id="kbarticlename">1014508</span></a>, where one can normally find all update levels and the corresponding build number, is missing some of the proposed solutions from VMSA-2015-0007. For these I tried to determine the desired build number from the Product Download page under <a href="https://my.vmware.com/web/vmware/login" target="_blank">MyVMware</a>. Also note that the <strong>Product Patches</strong> page under MyVMware doesn&#8217;t seem to use the same terminology that is used in VMSA-2015-0007.</p>
<p><strong>Line 91</strong>: The script scans the connected vCenters, as available in $Global:DefaultVIServers. It&#8217;s important that you connect to the vCenter(s) before you call the function.</p>
<h2>Sample Usage</h2>
<p>The function will look at all connected vCenters. It uses the values in $Global:DefaultVIServers to find these connected vSphere vCenters. For each vCenter it will query all connected ESXi servers.</p>
<p></p><pre class="urvanov-syntax-highlighter-plain-tag">Get-VMSA-2015-0007 |
Export-Csv -Path C:\VMSA-2015-0007.csv -NoTypeInformation -UseCulture</pre><p></p>
<p>The function returns an object array with all results from the investigation. When you redirect the result to a CSV file, you will get something like this.</p>
<p><a href="https://www.lucd.info/2015/10/04/vmsa-2015-0007-report/patch-2/" rel="attachment wp-att-5024"><img decoding="async" class="alignnone size-full wp-image-5024" src="https://lucd.info/wp-content/uploads/2015/10/patch1.png" alt="patch" width="863" height="356" srcset="https://www.lucd.info/wp-content/uploads/2015/10/patch1.png 863w, https://www.lucd.info/wp-content/uploads/2015/10/patch1-300x124.png 300w" sizes="(max-width: 863px) 100vw, 863px" /></a></p>
<p><span style="background-color: #ffff00;">Note</span> that CVE-2015-1047 and CVE-2015-2342 list different fix levels for the vCenter. The report lists the build corresponding with the CVE (Common Vulnerabilities and Exposures). You should of course apply the highest build; that way you will comply with both requirements.</p>
<p>Should you find any discrepancies in the product, versions and build numbers, please let me know.</p>
<p>Enjoy!</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.lucd.info/2015/10/04/vmsa-2015-0007-report/feed/</wfw:commentRss>
			<slash:comments>10</slash:comments>
		
		
			</item>
	</channel>
</rss>
