BUGTRAQ ID: 32168
CVE(CAN) ID: CVE-2008-4915
VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。
VMWare在处理指令的执行时存在问题,攻击者可能利用此漏洞提升自己的权限。如果在设置了Trap Flag的情况下出现中断,正确的CPU将执行转移到中断处理器之前会清除Trap Flag。对于受影响的VMware版本,如果内核态IRET设置了Trap Flag的话,则在执行单字节INT 3指令的时候Trap Flag在模式切换后仍继续存在,这造成的结果就是如果能够导致内核通过IRET设置Trap Flag的话,用户态代码在遇到INT 3断点(#BP)处理器的第一个指令的话会导致出现单步调试trap(#DB)。
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.vmware.com/download/ws/ws5.html” target=“_blank”>http://www.vmware.com/download/ws/ws5.html</a>
Release notes:
<a href=“http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html” target=“_blank”>http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html</a>
Windows binary:
md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8
Compressed Tar archive for 32-bit Linux
md5sum: 9d189e72f8111e44b27f1ee92edf265e
Linux RPM version for 32-bit Linux
md5sum: 0957c5258d033d0107517df64bfea240
<a href=“http://www.vmware.com/download/player/” target=“_blank”>http://www.vmware.com/download/player/</a>
Release notes Player 1.x:
<a href=“http://www.vmware.com/support/player/doc/releasenotes_player.html” target=“_blank”>http://www.vmware.com/support/player/doc/releasenotes_player.html</a>
Windows binary
md5sum: e2c8dd7b27df7d348f14f69de017b93f
Player 1.0.9 for Linux (.rpm)
md5sum: 471c3881fa60b058b1dac1d3c9c32c85
Player 1.0.9 for Linux (.tar)
md5sum: bef507811698e7333f5e8cb672530dbf
<a href=“http://www.vmware.com/download/ace/” target=“_blank”>http://www.vmware.com/download/ace/</a>
Release notes:
<a href=“http://www.vmware.com/support/ace/doc/releasenotes_ace.html” target=“_blank”>http://www.vmware.com/support/ace/doc/releasenotes_ace.html</a>
Windows binary
md5sum: 920a08c2fcdeaedcb3258183817419a0
ACE 1.0.8 for Linux (.rpm)
md5sum: 450254b73fa6802713136bf2c04e5b40
ACE 1.0.8 for Linux (.tar)
md5sum: 5efdaccf8217b8d7875d3f35cd6159e0
<a href=“http://www.vmware.com/download/server/” target=“_blank”>http://www.vmware.com/download/server/</a>
Release notes:
<a href=“http://www.vmware.com/support/server/doc/releasenotes_server.html” target=“_blank”>http://www.vmware.com/support/server/doc/releasenotes_server.html</a>
VMware Server for Windows 32-bit and 64-bit
md5sum: 4ba41e5fa192f786121a7395ebaa8d7c
VMware Server Windows client package
md5sum: f25746e275ca00f28d44ad372fc92536
VMware Server for Linux
md5sum: a476d3953ab1ff8457735e692fa5edf9
VMware Server for Linux rpm
md5sum: af6890506618fa82928fbfba8a5f97e1
Management Interface
md5sum: 5982b84a39479cabce63e12ab664d369
VMware Server Linux client package
md5sum: 605d7db48f63211cc3f5ddb2b3f915a6
ESXi 3.5 patch ESXe350-200810401-O-UG
<a href=“http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip” target=“_blank”>http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip</a>
md5sum: 9b83c54a005572bebb86652e3efd732a
<a href=“http://kb.vmware.com/kb/1007056” target=“_blank”>http://kb.vmware.com/kb/1007056</a>
ESX Server 3.5 update 3 CD image Refresh
md5sum: e9bdaad2d37872820a4cad8e8dbde536
<a href=“http://www.vmware.com/download/download.do?downloadGroup=ESX350U3” target=“_blank”>http://www.vmware.com/download/download.do?downloadGroup=ESX350U3</a>
ESX Server 3.5 upgrade package from ESX Server 2.x to ESX Server 3.5
Update 3 Refresh
md5sum:2da08fed15bd4b1ed5b19433e837591c
<a href=“http://www.vmware.com/download/download.do?downloadGroup=ESX350U3” target=“_blank”>http://www.vmware.com/download/download.do?downloadGroup=ESX350U3</a>
ESX Server 3.5 upgrade package from ESX Server 3.0.x to ESX Server 3.5
Update 3 Refresh
md5sum:d631aa8418d99fce4280fc3905ac4c37
<a href=“http://www.vmware.com/download/download.do?downloadGroup=ESX350U3” target=“_blank”>http://www.vmware.com/download/download.do?downloadGroup=ESX350U3</a>
ESX Server 3.5 upgrade package from ESX Server 3.5 to ESX Server 3.5
Update 3 Refresh
md5sum:4dea5d943d0c0469c397b6520dfeb0fb
<a href=“http://www.vmware.com/download/download.do?downloadGroup=ESX350U3” target=“_blank”>http://www.vmware.com/download/download.do?downloadGroup=ESX350U3</a>
ESX 3.5 patch ESX350-200810201-UG (vCPU/directory traversal)
<a href=“http://download3.vmware.com/software/vi/ESX350-200810201-UG.zip” target=“_blank”>http://download3.vmware.com/software/vi/ESX350-200810201-UG.zip</a>
md5sum: 6f26f985d9fea520ebdda7c65b60486e
<a href=“http://kb.vmware.com/kb/1007041” target=“_blank”>http://kb.vmware.com/kb/1007041</a>
ESX 3.0.3 patch ESX303-200810501-BG (vCPU)
<a href=“http://download3.vmware.com/software/vi/ESX303-200810501-BG.zip” target=“_blank”>http://download3.vmware.com/software/vi/ESX303-200810501-BG.zip</a>
md5sum: da72f475c5ac038379d712d36307e33d
<a href=“http://kb.vmware.com/kb/1006969” target=“_blank”>http://kb.vmware.com/kb/1006969</a>
ESX 3.0.2 patch ESX-1006680 (vCPU)
<a href=“http://download3.vmware.com/software/vi/ESX-1006680.tgz” target=“_blank”>http://download3.vmware.com/software/vi/ESX-1006680.tgz</a>
md5sum: 8186a2e77bc7c0e4cd5b214d0a5d29c0
<a href=“http://kb.vmware.com/kb/1006680” target=“_blank”>http://kb.vmware.com/kb/1006680</a>
VMware ESX 2.5.5 Upgrade Patch 10
<a href=“http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz” target=“_blank”>http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz</a>
md5sum: 2ee87cdd70b1ba84751e24c0bd8b4621
<a href=“http://vmware.com/support/esx25/doc/esx-255-200810-patch.html” target=“_blank”>http://vmware.com/support/esx25/doc/esx-255-200810-patch.html</a>
VMware ESX 2.5.4 Upgrade Patch 21
<a href=“http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz” target=“_blank”>http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz</a>
md5sum: d791be525c604c852a03dd7df0eabf35
<a href=“http://vmware.com/support/esx25/doc/esx-254-200810-patch.html” target=“_blank”>http://vmware.com/support/esx25/doc/esx-254-200810-patch.html</a>