cnvd - cnvd-2017-33976

cnvd-2017-33976

Vulnerability from cnvd

Title: VMware vCenter Server拒绝服务漏洞（CNVD-2017-33976）

Description:

VMware vCenter Server提供了一个管理虚拟基础设施的集中式、可扩展平台。

VMware vCenter Server 5.5、6.0和6.5版本存在拒绝服务漏洞。远程用户可通过发送特制LDAP数据包导致目标服务崩溃。

Severity: 中

Patch Name: VMware vCenter Server拒绝服务漏洞（CNVD-2017-33976）的补丁

Patch Description:

VMware vCenter Server提供了一个管理虚拟基础设施的集中式、可扩展平台。

VMware vCenter Server 5.5、6.0和6.5版本存在拒绝服务漏洞。远程用户可通过发送特制LDAP数据包导致目标服务崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： http://www.vmware.com/security/advisories/ID: VMSA-2017-0017.html

Reference: https://securitytracker.com/id/1039759

Impacted products

Name
['VMWare vCenter Server 5.5', 'VMWare vCenter Server 6.0', 'VMWare vCenter Server 6.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4927"
    }
  },
  "description": "VMware vCenter Server\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7ba1\u7406\u865a\u62df\u57fa\u7840\u8bbe\u65bd\u7684\u96c6\u4e2d\u5f0f\u3001\u53ef\u6269\u5c55\u5e73\u53f0\u3002\r\n\r\nVMware vCenter Server 5.5\u30016.0\u548c6.5\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236LDAP\u6570\u636e\u5305\u5bfc\u81f4\u76ee\u6807\u670d\u52a1\u5d29\u6e83\u3002",
  "discovererName": "VMware",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.vmware.com/security/advisories/ID: VMSA-2017-0017.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33976",
  "openTime": "2017-11-15",
  "patchDescription": "VMware vCenter Server\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7ba1\u7406\u865a\u62df\u57fa\u7840\u8bbe\u65bd\u7684\u96c6\u4e2d\u5f0f\u3001\u53ef\u6269\u5c55\u5e73\u53f0\u3002\r\n\r\nVMware vCenter Server 5.5\u30016.0\u548c6.5\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236LDAP\u6570\u636e\u5305\u5bfc\u81f4\u76ee\u6807\u670d\u52a1\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware vCenter Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-33976\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare vCenter Server 5.5",
      "VMWare vCenter Server 6.0",
      "VMWare vCenter Server 6.5"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1039759",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-13",
  "title": "VMware vCenter Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-33976\uff09"
}

CVE-2017-4927 (GCVE-0-2017-4927)

Vulnerability from cvelistv5

Published

2017-11-17 14:00

Modified

2024-09-17 02:00

Severity ?

CWE

LDAP denial of service vulnerability

Summary

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

References

▼	URL	Tags
	https://www.vmware.com/security/advisories/VMSA-2017-0017.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039759	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/101786	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	VMware	vCenter Server	Version: 6.5 prior to 6.5 U1 Version: 6.0 prior to 6.0 U3c

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
          },
          {
            "name": "1039759",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039759"
          },
          {
            "name": "101786",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101786"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vCenter Server",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "6.5 prior to 6.5 U1"
            },
            {
              "status": "affected",
              "version": "6.0 prior to 6.0 U3c"
            }
          ]
        }
      ],
      "datePublic": "2017-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "LDAP denial of service vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-18T10:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
        },
        {
          "name": "1039759",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039759"
        },
        {
          "name": "101786",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101786"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2017-11-09T00:00:00",
          "ID": "CVE-2017-4927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "vCenter Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.5 prior to 6.5 U1"
                          },
                          {
                            "version_value": "6.0 prior to 6.0 U3c"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "LDAP denial of service vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
            },
            {
              "name": "1039759",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039759"
            },
            {
              "name": "101786",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101786"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2017-4927",
    "datePublished": "2017-11-17T14:00:00Z",
    "dateReserved": "2016-12-26T00:00:00",
    "dateUpdated": "2024-09-17T02:00:47.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted