首页 -> 安全研究

安全研究

安全漏洞
VMware Workstation/Fusion 越界写本地代码执行漏洞(CVE-2019-5524)

发布日期:2019-03-30
更新日期:2019-04-03

受影响系统:
VMWare Workstation 14.x < 14.1.6
VMWare Fusion 10.x < 10.1.6
描述:
BUGTRAQ  ID: 107635
CVE(CAN) ID: CVE-2019-5524

VMware Workstation是一套虚拟机软件。VMware Fusion是一套专用于在苹果机(Mac)上运行Windows应用程序的的虚拟机软件。

VMware Workstation和Fusion在e1000虚拟网卡实现中存在越界写操作安全漏洞,成功利用后可使客户端用户在主机上执行任意代码或导致拒绝服务。

<*来源:Zhangyanyu
  
  链接:https://www.vmware.com/security/advisories/VMSA-2019-0005.html
*>

建议:
厂商补丁:

VMWare
------
VMWare已经为此发布了一个安全公告(VMSA-2019-0005)以及相应补丁:
VMSA-2019-0005:VMware ESXi, Workstation and Fusion updates address multiple security issues
链接:https://www.vmware.com/security/advisories/VMSA-2019-0005.html

补丁下载:

ESXi 6.7

Downloads:  https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201903001.html



ESXi 6.5  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html



ESXi 6.0  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201903001.html



VMware Workstation Pro 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



VMware Workstation Player 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html



VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Downloads and Documentation:

https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

浏览次数:2161
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障