Address Samba Remote Code Execution and Clickjack vulnerabilities in vRealize Log Insight 4.x
Article ID: 319583


Products

VMware Aria Suite

Issue/Introduction

This article describes how to address the Samba remote code execution vulnerability (CVE-2012-1182) and the Clickjacking vulnerability in vRealize Log Insight 4.x.

Symptoms:
  • Security scans report CVE-2012-1182 and/or the Clickjacking vulnerability.


Environment

VMware vRealize Log Insight 4.x

Resolution

Uninstall the vulnerable Samba client package and configure Tomcat's HttpHeaderSecurityFilter in web.xml so that responses carry the X-Frame-Options header.
  1. Log into the Primary node as root via SSH or console.
  2. Run the following command to uninstall Samba:
rpm -e --nodeps libsmbclient0-3.6.3-94.8.1
  3. Open the /usr/lib/loginsight/application/3rd_party/apache-tomcat-8.5.XX/webapps/ROOT/WEB-INF/web.xml file in a text editor.
  4. Add the following filter and filter-mapping elements to web.xml (inside the <web-app> element):
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
  5. Save and close the file.
  6. Restart the Log Insight service:
service loginsight restart
  7. Repeat steps 1-6 on all other nodes in the vRealize Log Insight cluster.
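After the restart, a practitioner will want to confirm that every node actually returns the protective headers. Tomcat's HttpHeaderSecurityFilter, with the configuration above, adds X-Frame-Options: DENY (its default anti-clickjacking option) and a Strict-Transport-Security header with max-age=31536000. The following Python script is an added verification example, not part of this article or of the product; it parses a raw HTTP response header block and reports missing or weak headers. The two response samples embedded in it are constructed so the check runs offline; in practice the header block would be captured with a command such as curl -skI https://<node>/ against each node.

```python
"""Check that an HTTP response carries the anti-clickjacking and HSTS
headers that Tomcat's HttpHeaderSecurityFilter is expected to add.

The sample responses below are constructed for illustration; a real
header block would come from e.g. `curl -skI https://<node>/`.
"""
from typing import Dict, List

# Value configured in web.xml (hstsMaxAgeSeconds); a smaller max-age is reported.
EXPECTED_HSTS_MAX_AGE = 31536000


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response (status line + headers) into a dict keyed by lowercase name."""
    headers: Dict[str, str] = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # skip the status line
        if not line.strip():
            break  # blank line terminates the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value: str) -> int:
    """Extract max-age from a Strict-Transport-Security value; -1 if absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return -1
    return -1


def check_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means the headers look correct."""
    headers = parse_headers(raw)
    findings: List[str] = []

    xfo = headers.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options header missing (page can be framed)")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options has unexpected value {xfo!r}")

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security header missing")
    elif hsts_max_age(hsts) < EXPECTED_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age below expected {EXPECTED_HSTS_MAX_AGE}: {hsts!r}")

    return findings


# Constructed sample: headers as they might look before the filter is configured.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Content-Length: 1234\r\n"
    "\r\n"
)

# Constructed sample: headers with the filter's defaults active.
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        result = check_response(raw)
        print(f"{label}: {'OK' if not result else result}")
```

Run it against a header block captured from each node in the cluster; the "before" sample produces two findings, the "after" sample none. SAMEORIGIN is accepted alongside DENY because either value stops cross-site framing.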


Additional Information

vRealize Log Insight 8.x and later are not affected: the Samba rpm is not included by default, so CVE-2012-1182 does not apply, and the filter tags and values shown above are already present in web.xml.

Impact/Risks:
Before modifying the appliance, take a snapshot of the vRealize Log Insight nodes.
Do not snapshot the virtual machine’s memory or quiesce the guest file system when creating the snapshots.

Adding the filters in the Resolution section will block the ability to open vRealize Log Insight objects in vRealize Operations Manager via launch in context.