发布日期：2019-03-30
更新日期：2019-04-03

受影响系统：

VMWare Workstation 15.x < 15.0.4
VMWare Workstation 14.x < 14.1.7
VMWare Fusion 11.x < 11.0.3
VMWare Fusion 10.x < 10.1.6
VMWare ESXi 6.7 < ESXi670-201903001
VMWare ESXi 6.5 < ESXi650-201903001
VMWare ESXi 6.0 < ESXi600-201903001

描述：

---

CVE(CAN) ID: CVE-2019-5518

VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台。VMware Workstation是一套虚拟机软件。VMware Fusion是一套专用于在苹果机（Mac）上运行Windows应用程序的的虚拟机软件。

VMware ESXi、Workstation和Fusion在USB 1.1 UHCI实现中存在越界读写操作安全漏洞，成功利用后可使客户端用户在主机上执行任意代码。

<*来源：CodeColorist (@CodeColorist)
        Csaba Fitzl (@theevilbit)
  
  链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html
*>

建议：

---

厂商补丁：

VMWare
------
VMWare已经为此发布了一个安全公告（VMSA-2019-0005）以及相应补丁:
VMSA-2019-0005：VMware ESXi, Workstation and Fusion updates address multiple security issues
链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html

补丁下载：

ESXi 6.7

Downloads:  https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201903001.html



ESXi 6.5  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html



ESXi 6.0  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201903001.html



VMware Workstation Pro 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



VMware Workstation Player 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html



VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Downloads and Documentation:

https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

浏览次数：3296
严重程度：0（网友投票）