Security Vulnerabilities
VMware ESX/ESXi Virtual Machine File Descriptor Local Privilege Escalation Vulnerability

Published: 2013-12-22
Updated: 2013-12-24

Affected systems:
VMware ESX 4.1
VMware ESX 4.0
VMware ESXi 5.0
VMware ESXi 4.1
VMware ESXi 4.0
Description:
BUGTRAQ  ID: 64491
CVE(CAN) ID: CVE-2013-5973

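VMware ESX Server is enterprise-class virtual machine software suitable for any system environment.

VMware ESX 4.0 and 4.1 and VMware ESXi 4.0, 4.1, 5.0, 5.1 and 5.5 contain a local privilege escalation vulnerability in their implementation. A local user with Virtual Machine Power User or Resource Pool Administrator privileges who performs the vCenter Server Add Existing Disk operation on a virtual machine whose file names contain -flat, -rdm or -rdmp can exploit this vulnerability to read or modify arbitrary files.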

<*Source: Shanon Olsson
  
  Link: http://www.vmware.com/security/advisories/VMSA-2013-0016.html
*>

Recommendation:
Vendor patch:

VMware
------
VMware has released a security advisory (VMSA-2013-0016) and corresponding patches for this issue:
VMSA-2013-0016: VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
Link: http://www.vmware.com/security/advisories/VMSA-2013-0016.html

Patch downloads:


ESXi and ESX
------------------
https://www.vmware.com/patchmgr/download.portal

ESXi 5.5
------------------
File: ESXi550-201312001.zip
md5sum: c2edc6fbe983709a5a643fe5e03c055b
sha1sum: df55f419056b2dab25e28ca87ccdd8a099849a40
http://kb.vmware.com/kb/2063795
ESXi550-201312001 contains ESXi550-201312101-SG

ESXi 5.1
------------------
File: ESXi510-201310001.zip
md5sum: 00b6a97b3042dc45da52e20b67666387
sha1sum: 8b0e2e832d0c603991718da17e1f73de4f0969cc
http://kb.vmware.com/kb/2053402
ESXi510-201310001 contains ESXi510-201310101-SG

ESXi 5.0
------------------
File: update-from-esxi5.0-5.0_update03.zip
md5sum: 7e6185fa3238a4895613b39e57a2a94b
sha1sum: aa3929d2c8183aeaecdc238cbbf4d270bd70dd07
http://kb.vmware.com/kb/2055559
update-from-esxi5.0-5.0_update03 contains ESXi500-201310101-SG

ESXi 4.1
------------------
File: ESXi410-201312001.zip
md5sum: f85c0c449513b88b22f19a5f11966d5e
sha1sum: cfde5abbef77976b76d55813ae1e7bbbbca25b7b
http://kb.vmware.com/kb/2061210
ESXi410-201312001 contains ESXi410-201312401-SG

ESXi 4.0
------------------
File: ESX400-201310001.zip
md5sum: 9d47cf815ed142a17f97002379b5e386
sha1sum: 91082ec4263333f9b996883cb53dbe9aab7a88b5
http://kb.vmware.com/kb/2059495
ESX400-201310001 contains ESXi400-201310401-SG

ESX 4.1
------------------
File: ESX410-201312001.zip
md5sum: c35763a84db169dd0285442d4129cc18
sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40
http://kb.vmware.com/kb/2061209
ESX410-201312001 contains ESX410-201312401-SG

ESX 4.0
------------------
File: ESX400-201310001.zip
md5sum: 9d47cf815ed142a17f97002379b5e386
sha1sum: 91082ec4263333f9b996883cb53dbe9aab7a88b5
http://kb.vmware.com/kb/2059495
ESX400-201310001 contains ESX400-201310401-SG
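
Added example, not part of the advisory or of VMware's tooling: the Python below parses a list in the File/md5sum/sha1sum layout used above and checks a downloaded bundle against both published digests before it is installed. The function names `parse_checksums` and `verify_bundle` are hypothetical, and the embedded list holds only the first two entries from this page.

```python
import hashlib
import re
import sys

# Added example (function names are illustrative). First two entries of this page's patch list:
ADVISORY_LIST = """\
File: ESXi550-201312001.zip
md5sum: c2edc6fbe983709a5a643fe5e03c055b
sha1sum: df55f419056b2dab25e28ca87ccdd8a099849a40
File: ESXi510-201310001.zip
md5sum: 00b6a97b3042dc45da52e20b67666387
sha1sum: 8b0e2e832d0c603991718da17e1f73de4f0969cc
"""

def parse_checksums(text):
    """Return {file name: {"md5": hex, "sha1": hex}} from File/md5sum/sha1sum lines."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(File|md5sum|sha1sum):\s*(\S+)", line)
        if not m:
            continue  # product headings, KB links and "contains" lines are ignored
        key, value = m.groups()
        if key == "File":
            current = entries.setdefault(value, {})
        elif current is not None:
            algo = key[:-3]  # "md5sum" -> "md5", "sha1sum" -> "sha1"
            # A bundle listed under two products must carry the same digests both times.
            if current.setdefault(algo, value.lower()) != value.lower():
                raise ValueError(f"conflicting {algo} digests in list")
    return entries

def verify_bundle(path, name, entries):
    """True only if the file at path matches every digest published for name."""
    expected = entries.get(name)
    if not expected or set(expected) != {"md5", "sha1"}:
        raise KeyError(f"no complete md5/sha1 entry for {name}")
    digests = {algo: hashlib.new(algo) for algo in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream large bundles
            for h in digests.values():
                h.update(chunk)
    return all(digests[a].hexdigest() == expected[a] for a in expected)

if __name__ == "__main__":
    path, name = sys.argv[1], sys.argv[2]
    ok = verify_bundle(path, name, parse_checksums(ADVISORY_LIST))
    print(f"{name}: {'OK' if ok else 'MISMATCH, do not install'}")
    sys.exit(0 if ok else 1)
```

Run it as `python verify.py <downloaded file> <file name as listed>`; a non-zero exit status means the bundle does not match the published digests.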

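This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.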