首页 -> 安全研究

安全研究

安全漏洞
Vmware ESXi/Workstation/Fusion 虚拟机逃逸漏洞(CVE-2018-6981)

发布日期:2018-11-12
更新日期:2018-11-13

受影响系统:
VMWare Workstation 15.x
VMWare Workstation 14.x
VMWare Fusion 11.x
VMWare Fusion 10.x
VMWare ESXi 6.7
VMWare ESXi 6.5
VMWare ESXi 6.0
描述:
CVE(CAN) ID: CVE-2018-6981

VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台;VMware Workstation是一套虚拟机软件;Fusion是一套专用于在苹果机(Mac)上运行Windows应用程序的的虚拟机软件。

Vmware ESXi、Workstation和Fusion中存在安全漏洞,该漏洞源于vmxnet3虚拟网络适配器中存在未初始化的栈内存。攻击者可通过发送来提交恶意的输入,利用该漏洞在宿主机系统上执行任意代码。

<*来源:vendor
  
  链接:https://www.vmware.com/security/advisories/VMSA-2018-0027.html
*>

建议:
厂商补丁:

VMWare
------
VMWare已经为此发布了一个安全公告(VMSA-2018-0027)以及相应补丁:
VMSA-2018-0027:VMware Security Advisory
链接:https://www.vmware.com/security/advisories/VMSA-2018-0027.html

ESXi 6.7
下载地址及相关文档:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html



ESXi 6.5
下载地址及相关文档:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html



ESXi 6.0
下载地址及相关文档:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html



VMware Workstation Pro
下载地址及相关文档:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



VMware Workstation Player
下载地址及相关文档:

https://www.vmware.com/go/downloadplayer

https://docs.vmware.com/en/VMware-Workstation-Player/index.html



VMware Fusion Pro / Fusion
下载地址及相关文档:

https://www.vmware.com/go/downloadfusion

https://docs.vmware.com/en/VMware-Fusion/index.html

浏览次数:2009
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障