VMware Studio Virtual Appliance Web Interface File Upload Directory Traversal Vulnerability

2009-09-02T00:00:00
ID SSV:12189
Type seebug
Reporter Root
Modified 2009-09-02T00:00:00

Description

Bugtraq ID: 36199 CVE ID: CVE-2009-2968

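VMware Studio is a solution for developing, configuring, and customizing virtual applications and virtual appliances. The web interface component supported by VMware Studio does not properly filter user input, so a remote attacker can exploit the vulnerability to upload files to arbitrary directories on the VMware Studio virtual appliance. However, this vulnerability does not affect virtual machines built with Studio 2.0 beta.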
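The check that is missing in this class of bug can be sketched as follows. This is an added example, not VMware Studio code or the vendor's fix; `resolve_upload_path`, `UploadPathError` and the sample file names are hypothetical and constructed for illustration.

```python
import os
import tempfile


class UploadPathError(ValueError):
    """Client-supplied file name would escape the upload root."""


def resolve_upload_path(upload_root, client_name):
    """Return the real destination under upload_root, or raise (hypothetical helper)."""
    if not client_name or "\x00" in client_name:
        raise UploadPathError("empty name or embedded NUL")
    # Treat backslashes as separators so "..\\x" is also caught on POSIX.
    parts = client_name.replace("\\", "/").split("/")
    if ":" in parts[0]:
        raise UploadPathError("drive or scheme prefix")
    if any(p in ("", ".", "..") for p in parts):
        raise UploadPathError("empty, '.' or '..' component")
    root = os.path.realpath(upload_root)
    # realpath resolves symlinks, so links pointing outside the root fail below.
    dest = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, dest]) != root:
        raise UploadPathError("destination escapes upload root")
    return dest


def check_samples():
    """Map each constructed sample name to True (accepted) or False."""
    samples = ["report.txt", "logs/build.log", "../etc/cron.d/job",
               "a/../../b", "/etc/passwd", "..\\..\\boot.ini", "C:\\x.txt",
               "link/escape.txt", "name\x00.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.mkdir(root)
        # Constructed symlink inside the root that points at its parent.
        os.symlink(tmp, os.path.join(root, "link"))
        for name in samples:
            try:
                resolve_upload_path(root, name)
                results[name] = True
            except UploadPathError:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

The containment check runs on the resolved path, so a name that passes the component filter but crosses a symlink out of the upload root is still rejected.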

VMware Studio 2.0 beta users can contact the vendor to obtain the corresponding patch or upgrade: VMware Studio 2.0 build 1017-185256


http://www.vmware.com/support/developer/studio/

Release notes:
http://www.vmware.com/support/developer/studio/studio20/release_notes.html

VMware Studio appliance in ZIP
(md5sum:58cb40704d12f4ec329b887ae729aba9)
(sha1sum:2931a6a4de7e77016d08c6539cab93a6304ab452)

VMware Studio appliance in OVA
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ova
(md5sum:0b0edb02865ae935bcffcccbf346adc2)
(sha1sum:f126339ab0de5b684e60ab7dfd50ddb15f2391cc)

VMware Studio appliance in OVF 1.0
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ovf
(md5sum:a3dfca29578a75b0440be3419396c85c)
(sha1sum:67f08e73de18ddeea257fefe6475f289d643ad77)

VMware Studio appliance in OVF 0.9
Deployment URL: http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF09.ovf
(md5sum:959c61270dc872be2f5e65e59480852d)
(sha1sum:ac3c2d612f0b877f10ca607467b6a95b31ed3dd7)

VMDK associated to the OVF 1.0 and OVF 0.9 descriptor
(md5sum:617ec59063d2ba180b19f680fb1b49b1)
(sha1sum:eb1d474cde175a9e042c9613eae31822843394cf)

VMware Studio Plugin for Eclipse in ZIP
(md5sum:9970df718f08f92c053758187c979293)
(sha1sum:2d5a9a8d3d68faa3afd317b148f060a74cbd359a)