发布日期：2019-03-30
更新日期：2019-04-02

受影响系统：

VMWare Fusion 11.x < 11.0.3

描述：

---

BUGTRAQ  ID: 107637
CVE(CAN) ID: CVE-2019-5514

VMware Fusion是一套专用于在苹果机（Mac）上运行Windows应用程序的的虚拟机软件。

VMware Fusion 11.x < 11.0.3版本，由于通过网络套接字可以未经验证访问某些API，在实现中存在安全漏洞，攻击者利用此漏洞可在客户端上执行未授权操作。

<*来源：CodeColorist (@CodeColorist)
        Csaba Fitzl (@theevilbit)
  
  链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html
*>

建议：

---

厂商补丁：

VMWare
------
VMWare已经为此发布了一个安全公告（VMSA-2019-0005）以及相应补丁:
VMSA-2019-0005：VMware ESXi, Workstation and Fusion updates address multiple security issues
链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html

补丁下载：

ESXi 6.7

Downloads:  https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201903001.html



ESXi 6.5  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html



ESXi 6.0  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201903001.html



VMware Workstation Pro 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



VMware Workstation Player 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html



VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Downloads and Documentation:

https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

浏览次数：3212
严重程度：0（网友投票）