VMware KB: Unable to open a virtual machine console using the vSphere Web client in VMware vCenter Server 5.5 update 2

VMware KB: Unable to open a virtual machine console using the vSphere Web client in VMware vCenter Server 5.5 update 2.

This KB article restates an item from the vCenter 5.5 Update 2 release notes:

Virtual machines with HTML 5 console in vSphere 5.5 open connections with http:// instead of https://
When the HTML 5 console is launched on a virtual machine, it uses connections like http:// and web sockets like ws:// instead of secure connections like https:// and wss://.

This release resolves the issue by launching the virtual machine console with secure connection over port 7343 instead of the connection over port 7331.

This was a welcome change, but it introduces a potential connectivity issue for those who don’t read the release notes!

Here is a link to the release notes:  https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u2-release-notes.html#networkingissues

Here is the top level KB article for required TCP and UDP ports for vSphere products. Notice the left hand column where the version numbers are listed!
TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components


VMware KB: Configuring syslog server for VMware NSX for vSphere 6.x controllers

VMware KB: Configuring syslog server for VMware NSX for vSphere 6.x controllers.

This is an interesting KB article. Please notice that the method for configuration is an API call! This is built for automation!

FYI, You configure the NSX Manager appliance to use a syslog server with a web browser.


Select “Manage Appliance Settings”


On the Settings > General page, click the edit button in the Syslog Server portion of the page.


Enter the DNS name or IP address of your Syslog server, then click OK.


New VCP5-DCV Delta Exam

Yesterday, I got a message from VMware Education that they are offering an online VCP5-DCV recertification exam for a limited time. For any of you who have a VCP5 that is set to expire in the spring (that is most of you!), this is a terrific way to get recertified!

Here is the information from the VMware education site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=51919&ui=www_cert

VCP5-DCV-Delta Exam

Download the exam blueprint here. After a quick review of the exam blueprint, it appears that the objectives are approximately the same, however the VCP550D exam has 65 questions with 75 minutes to complete, while the VCP550 exam has 135 questions and a time limit of 120 minutes.

Here is a link to the Pearson Vue VCP550D exam page: https://www2.pearsonvue.com/testtaker/registration/ExamSeriesDetailPage/VMWAREINC/200140.


VMware Education’s Recertification Policy has other avenues for recertification for those of you who are interested in advancing to the Advanced Professional level (VCAP) or may be interested in broadening your certification with additional Professional level (VCP) certifications in Cloud, End User Computing or Network Virtualization.

Note that the offer is only good through November 30, 2014.

Shell Shocker BASH vulnerability links

A flaw in Bash, the most common Linux command shell, from 22 years ago that was discovered and incompletely patched earlier this year is reported to pose a very severe threat to systems that include it. If you use a BASH shell in Linux or other derived operating system like Android or Apple OS X (like me and I am sure many of you!) you are probably vulnerable.

According to Mitre:
vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Am I vulnerable?
Edit for the time being: You are. No complete public fix has been posted yet, for the new CVE (CVE-2014-7169). The instructions I give below are only sufficient to close off part of the vulnerability.
There is an easy check. Open a terminal and paste the following:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
It simply sets the environment variable called x to the value ‘() { :;}; echo vulnerable’. It then invokes bash asking it to echo back the word hello. The value of x that is set is a function definition that should do nothing. However, it is crafted to try to run ‘echo vulnerable’ at parsing of environment at bash start-up, which just prints vulnerable to standard out.

If you are not vulnerable, then the following will be shown:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

If you are vulnerable, then you will see:

Here is a link to more information from the Register: http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
Here is an article from TrendMicro that also describes the vulnerability: http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/

Several of the vendors we have partnerships with are investigating their products to determine their vulnerability and response.

F5 has posted the security advisory: http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
VMware has posted in their security and compliance blog that they are investigating: http://blogs.vmware.com/security/2014/09/vmware-investigating-bash-command-injection-vulnerability-aka-shell-shock-cve-2014-6271-cve-2014-7169.html
Red Hat has posted a very good description ion their security blog: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Another Red Hat post: https://access.redhat.com/articles/1200223

Here are links to the advisories and repositories from the US Government:

US Computer Emergency Readiness Team (US-CERT) Advisory: https://www.us-cert.gov/ncas/alerts/TA14-268A
NIST-National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
Mitre Common Vulnerabilities and Exposures (CVE) entries: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Since the patches for Bash started being released last week, three new Bash vulnerabilities have been identified: – These are new since I sent out the email last week. If systems were patched on Friday, they are probably vulnerable now unless the new patches have been applied!

US Computer Emergency Readiness Team (US-CERT) Advisory: https://www.us-cert.gov/ncas/alerts/TA14-268A

Vulnerability Note VU#252743 GNU Bash shell executes commands in exported functions in environment variables: http://www.kb.cert.org/vuls/id/252743 – This is a very good article describing affected systems

NIST-National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187

Mitre Common Vulnerabilities and Exposures (CVE) entries: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Shellshocker.net https://shellshocker.net/ – Another terrific resource for understanding and testing for the 5 vulnerabilities identified so far and instructions on patching a number of operating systems.

Additional articles and advisories from vendors:

Novell/SUSE SLES 11 is affected: https://www.novell.com/support/kb/doc.php?id=7015705

Updated Knowledgebase article listing vulnerabilities in VMware products: KB 2090740  – This list is long as VMware maintains dozens of Linux based virtual appliances.

Palo Alto Networks Security Advisory: https://securityadvisories.paloaltonetworks.com/Home/Detail/24