首页 -> 安全研究
安全研究
安全漏洞
多个VMware产品本地权限提升漏洞(CVE-2013-1406)
发布日期:2013-02-07
更新日期:2013-03-04
受影响系统:
VMWare Workstation 8.x描述:
VMWare ESXi 5.x
VMWare ESXi 4.x
BUGTRAQ ID: 57867
CVE(CAN) ID: CVE-2013-1406
VMWare是一个虚拟机软件。
VMware ESX, Workstation, Fusion, 和 View因为vmci.sys没有正确处理控制码(Control code)而存在漏洞,本地恶意用户可以通过虚拟机交互接口(Virtual Machine Communication Interface, VMCI)利用此漏洞操控内存分配,从进在基于Windows的宿主或基于Windows的客户机中提升权限。受影响产品包括:
VMware Workstation v8.x, 9.x prior (Windows)
VMware Fusion v4.x,5.x (Mac OS X)
VMware View v4.x,5.x
VMware ESXi v4.0, 4.1, 5.0, 5.1
VMware ESX v4.0-4.1
<*来源:Derek Soeder (dsoeder@eeye.com)
链接:http://www.vmware.com/security/advisories/VMSA-2013-0002.html
*>
建议:
厂商补丁:
VMWare
------
VMWare已经为此发布了一个安全公告(VMSA-2013-0002)以及相应补丁:
VMSA-2013-0002:VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
链接:http://www.vmware.com/security/advisories/VMSA-2013-0002.html
补丁下载:
VMware Workstation 9.0.1
---------------------------
https://www.vmware.com/go/downloadworkstation
File: VMware-workstation-full-9.0.1-894247.exe
https://www.vmware.com/support/ws90/doc/workstation-901-release-notes.html
VMware Workstation 8.0.5
---------------------------
https://www.vmware.com/go/downloadworkstation
File: VMware-workstation-full-8.0.5-893925.exe
https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html
VMware Fusion 5.0.2
---------------------------
File: VMware-Fusion-5.0.2-900491.dmg
https://www.vmware.com/support/fusion5/doc/fusion-502-release-notes.html
VMware Fusion 4.1.4
---------------------------
File: VMware-Fusion-4.1.4-900582-light.dmg
https://www.vmware.com/support/fusion4/doc/releasenotes_fusion_414.html
View 5.1.2
---------------------------
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_view/5_1
Release Notes
https://www.vmware.com/support/view51/doc/view-512-release-notes.html
VMware View Connection Server (32-bit)
VMware-viewconnectionserver-5.1.2-912971.exe
VMware View Connection Server (64-bit)
VMware-viewconnectionserver-x86_64-5.1.2-912971.exe
View 4.6.2
---------------------------
http://downloads.vmware.com/d/info/desktop_downloads/vmware_view/4_6
Release Notes
https://www.vmware.com/support/view46/doc/view-462-release-notes.html
VMware View Connection Server (32-bit)
VMware-viewconnectionserver-4.6.2-916912.exe
VMware View Connection Server (64-bit)
VMware-viewconnectionserver-x86_64-4.6.2-916912.exe
ESXi and ESX
---------------------------
https://www.vmware.com/patchmgr/download.portal
ESXi 5.1
---------------------------
File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786
http://kb.vmware.com/kb/2035775
ESXi510-201212001 contains ESXi510-201212102-SG
ESXi 5.0
---------------------------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334
http://kb.vmware.com/kb/2033751
update-from-esxi5.0-5.0_update02.zip contains ESXi500-201212102-SG
ESXi 4.1
---------------------------
File: ESXi410-201211001.zip
md5sum: f7da5cd52d3c314abc31fe7aef4e50d3
sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1
http://kb.vmware.com/kb/2036257
ESXi410-201211001 contains ESXi410-201211402-BG
ESXi 4.0
---------------------------
File: ESXi400-201302001.zip
md5sum: 8fca17ca97669dd1d34c34902e8e7ddf
sha1sum: 51d76922eb7116810622acdd611f3029237a5680
http://kb.vmware.com/kb/2041344
ESXi400-201302001 contains ESXi400-201302402-SG
ESX 4.1
---------------------------
File: ESX410-201211001.zip
md5sum: c167bccc388661e329fc494df13855c3
sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98
http://kb.vmware.com/kb/2036254
ESX410-201211001 contains ESX410-201211401-SG
ESX 4.0
---------------------------
File: ESX400-201302001.zip
md5sum: 5ca4276e97c19b832d778e17e5f4ba64
sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f
http://kb.vmware.com/kb/2041343
ESX400-201302001 contains ESX400-201302401-SG
浏览次数:3968
严重程度:0(网友投票)
绿盟科技给您安全的保障