Heap Buffer Overflow Vulnerability in Multiple VMware Products (CVE-2017-4902)

Published: 2017-03-28
Updated: 2017-03-29

Affected systems:
VMware Workstation 12.x
VMware Fusion 8.x
VMware ESXi 6.5
VMware ESXi 6.0 U3
VMware ESXi 6.0 U2*
VMware ESXi 6.0 U1*
VMware ESXi 5.5
Description:
BUGTRAQ ID: 97163
CVE(CAN) ID: CVE-2017-4902

VMware is a software company that provides cloud computing and hardware virtualization software and services.

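A heap buffer overflow vulnerability exists in the SVGA component of VMware ESXi, Workstation and Fusion, which could allow an attacker to execute arbitrary code on the host.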

<*Source: ZDI (http://www.zerodayinitiative.com/)
        Team Sniper
  
  Link: http://www.vmware.com/security/advisories/VMSA-2017-0006.html
*>

Recommendation:
Vendor patch:

VMware
------
VMware has released a security advisory (VMSA-2017-0006) and corresponding patches for this issue:
VMSA-2017-0006: VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
Link: http://www.vmware.com/security/advisories/VMSA-2017-0006.html

Patch downloads:

VMware ESXi 6.5  

https://my.vmware.com/group/vmware/patch

http://kb.vmware.com/kb/2149573

VMware ESXi 6.0 patch on top of ESXi 6.0 U3

https://my.vmware.com/group/vmware/patch

http://kb.vmware.com/kb/2149569

VMware ESXi 6.0 patch on top of ESXi 6.0 U2  
  
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=ESXI60U2  

http://kb.vmware.com/kb/2149673  

VMware ESXi 6.0 patch on top of ESXi 6.0 U1  

https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=ESXI60U1B

http://kb.vmware.com/kb/2149672

ESXi 5.5  

https://my.vmware.com/group/vmware/patch
Documentation:  
http://kb.vmware.com/kb/2149577

VMware Workstation Pro 12.5.5

https://www.vmware.com/go/downloadworkstation  
https://www.vmware.com/support/pubs/ws_pubs.html  

VMware Workstation Player 12.5.5  

https://www.vmware.com/go/downloadplayer  
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.6  

https://www.vmware.com/go/downloadfusion  
https://www.vmware.com/support/pubs/fusion_pubs.html

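This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.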