seebug | Root | SSV:5005
Apr 07, 2009 - 12:00 a.m.

VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities

www.seebug.org

EPSS: 0.078 (Low), percentile 93.5%

BUGTRAQ ID: 34373
CVE ID: CVE-2008-4916
CVE-2008-3761
CVE-2009-1146
CVE-2009-1147
CVE-2009-0910
CVE-2009-0909
CVE-2009-0908
CVE-2009-0177
CVE-2009-0518
CNCVE ID: CNCVE-20084916
CNCVE-20083761
CNCVE-20091146
CNCVE-20091147
CNCVE-20090910
CNCVE-20090909
CNCVE-20090908
CNCVE-20090177
CNCVE-20090518

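Multiple security vulnerabilities exist in VMware products, as follows:
a. A vulnerability in a guest virtual device driver allows a guest operating system to crash the host, affecting any virtual machine on that host.
b. A denial of service exists in hcmon.sys: an ioctl in hcmon.sys can be used to cause a denial of service on Windows-based hosts. A Windows account is required to exploit this vulnerability.
c. VMCI privilege escalation on Windows-based hosts or guests. The Virtual Machine Communication Interface (VMCI) is an infrastructure that provides fast, efficient communication between a virtual machine and the host operating system, and between two or more virtual machines on the same host. A vulnerability in vmci.sys allows privilege escalation on Windows-based machines. Current ESX versions do not support the VMCI interface and are not affected by this vulnerability.
d. The VMnc codec contains heap overflow vulnerabilities. The VMnc codec is used for recording and replaying sessions; record and replay captures the dynamic state of a virtual machine over a period of time.
Two heap overflow vulnerabilities in the codec allow a remote attacker to execute arbitrary code on VMware hosted products. To exploit them successfully, the attacker must entice a user into visiting a malicious web page or opening a malicious video file.
e. The VMware Host Guest File System (HGFS) shared folders feature allows users to transfer data between a guest operating system and the non-virtualized host operating system. A vulnerability in ACE shared folders allows a shared folder that was previously disabled but not removed to be enabled by a non-ACE administrator.
f. A vulnerability in vmware-authd.exe can lead to a denial of service.
g. After a user logs in to a VirtualCenter server with the VI Client, the VirtualCenter Server password remains in the VI Client's memory, which can lead to disclosure of sensitive information.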

VMWare Workstation for Linux 0
VMWare Workstation 6.5.1
VMWare Workstation 6.5 build 118166
VMWare Workstation 6.0.5 build 109488
VMWare Workstation 6.0.5
VMWare Workstation 6.0.4 build 93057
VMWare Workstation 6.0.4
VMWare Workstation 6.0.3 Build 80004
VMWare Workstation 6.0.3
VMWare Workstation 6.0.2
VMWare Workstation 6.0.1
VMWare Server 1.0.8 build 126538
VMWare Server 1.0.7 build 108231
VMWare Server 1.0.7
VMWare Server 1.0.6 build 91891
VMWare Server 1.0.6
VMWare Server 1.0.5 Build 80187
VMWare Server 1.0.5
VMWare Server 1.0.4
VMWare Server 1.0.3
VMWare Server 1.0.2
VMWare Player 2.5.1
VMWare Player 2.5 build 118166
VMWare Player 2.0.5 build 109488
VMWare Player 2.0.5
VMWare Player 2.0.4 build 93057
VMWare Player 2.0.4
VMWare Player 2.0.3 Build 80004
VMWare Player 2.0.2
VMWare Player 2.0.1
VMWare Player 2.0
VMWare Player 1.0.9 build 126128
VMWare Player 1.0.8 build 108000
VMWare Player 1.0.8
VMWare Player 1.0.7 build 91707
VMWare Player 1.0.6 Build 80404
VMWare Player 1.0.6
VMWare Player 1.0.5
VMWare Player 1.0.4
VMWare Player 1.0.3
VMWare Player 1.0.2
VMWare Player 1.0.1 Build 19317
VMWare ESXi Server 3.5
VMWare ESX Server 3.0.3
VMWare ESX Server 3.0.2
VMWare ESX Server 3.5
VMWare ACE 2.5.1
VMWare ACE 2.5 build 118166
VMWare ACE 2.0.5 build 109488
VMWare ACE 2.0.5
VMWare ACE 2.0.3
VMWare ACE 2.0.2 build 93057
VMWare ACE 2.0.2
VMWare ACE 2.0.1
VMWare ACE 2.0
VMWare ACE 1.0.8 build 125922
VMWare ACE 1.0.7 build 108880
VMWare ACE 1.0.7
VMWare ACE 1.0.5
VMWare ACE 1.0.4
VMWare ACE 1.0.3
VMWare ACE 1.0.2 Build 19206
VMWare ACE 1.0.2
VMWare ACE 1.0
VMWare ACE 1.0.5 build 79846
Refer to the following upgrades:
VMware Workstation 6.5.2

www.vmware.com/download/ws/
Release notes:
www.vmware.com/support/ws65/doc/releasenotes_ws652.html
For Windows
Workstation for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
sha1sum: ccdb6bcb867638e8f4f493bc02c6f70c5ebbb88e
For Linux
Workstation for Linux 32-bit
Linux 32-bit .rpm
md5sum: 69b039c848f6b2c94948928d8e9057bb
sha1sum: 37ca77ef550db932cf7b078fcbd6fa0155e3411e
Workstation for Linux 32-bit
Linux 32-bit .bundle
md5sum: 5d4ccf9c23701d09a671f586a9bb4190
sha1sum: d508111adf479d82049c323b1d0b82200c0ab4dd
Workstation for Linux 64-bit
Linux 64-bit .rpm
md5sum: 19387416e3b597b901dfe84e4a2bcd97
sha1sum: 0726518abc9a77051d991af570774bae1625ff78
Workstation for Linux 64-bit
Linux 64-bit .bundle
md5sum: 56dfc3adcf96701f440b19a8cf06c3df
sha1sum: 04aa442a2b9bf2c67d6266a410b20ef146b93bef
VMware Player 2.5.2

www.vmware.com/download/player/
Release notes:
www.vmware.com/support/player25/doc/releasenotes_player252.html
Player for Windows binary
download3.vmware.com/software/vmplayer/VMware-player-2.5.2-156735.exe
md5sum: 01356d729e9b031c8904e9560a02c469
Player for Linux (.rpm)
download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i386.rpm
md5sum: aa047047b72de7f4b53d9c2128b53bec
Player for Linux (.bundle)
download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.i386.bundle
md5sum: bd51e8f8ef2417080c6d734f6ea9fb87
VMware Player 2.5.2 - 64-bit (.rpm)
download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x86_64.rpm
md5sum: 5b488b97b5091d3980eb74ec0a5c065b
VMware Player 2.5.2 - 64-bit (.bundle)
download3.vmware.com/software/vmplayer/VMware-Player-2.5.2-156735.x86_64.bundle
md5sum: 25254cd60c4063c2c68a8bf50c2c4869
VMware ACE 2.5.2

www.vmware.com/download/ace/
Release notes:
www.vmware.com/support/ace25/doc/releasenotes_ace252.html
ACE Management Server Virtual Appliance
AMS Virtual Appliance .zip
md5sum: 430ff7792d9d490d1678fc22b4c62121
sha1sum: 98b74e0dba4214b055c95ccea656bfa2731c3fee
VMware ACE for Windows 32-bit and 64-bit
Windows 32-bit and 64-bit .exe
md5sum: 8336586b9f9e5180d5279a0b988e82a6
ACE Management Server for Windows
Windows .exe
md5sum: 44918519a7bac2501b211c9825ed8268
sha1sum: 97655c824815f7c4e25f6940c708f835ab616da9
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: 7fcb0409474c7e81accc90f25d80b00e
sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 745e3115f8557fa04c2ddaf25320a911
sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
VMware Server 2.0.1

www.vmware.com/download/server/
Release notes:
www.vmware.com/support/server2/doc/releasenotes_vmserver201.html
For Windows
VMware Server 2
Version 2.0.1 | 156745 - 03/31/09
507 MB EXE image VMware Server 2 for Windows Operating Systems. A
master installer file containing all Windows components of VMware
Server.
md5sum: d0eefaa79e42d13a693c4d732a460ba4
VIX API 1.6 for Windows.
Version 1.6.2 | 156745 - 03/31/09 37 MB EXE image
md5sum: ad531ed3c37c0a50fb915981f83ca133
For Linux
VMware Server 2 for Linux Operating Systems.
Version 2.0.1 | 156745 - 03/31/09 465 MB RPM image
md5sum: eb42331bbd9be30848826b8cab73e0ca
VMware Server 2 for Linux Operating Systems.
Version 2.0.1 | 156745 - 03/31/09 466 MB TAR image
md5sum: be96bc1696f4cef67755bfd2553ce233
VMware Server 2 for Linux Operating Systems 64-bit version.
Version 2.0.1 | 156745 - 03/31/09 434 MB RPM image
md5sum: 697a792c70d50e98a347c06b323bd20b
The core application needed to run VMware Server 2, 64-bit version.
Version 2.0.1 | 156745 - 03/31/09 436 MB TAR image
md5sum: f40498229772910d6a6788b7803f9c38
VIX API 1.6 for Linux.
Version 1.6.2 | 156745 - 03/31/09 17 MB TAR image
md5sum: 2ef6174b90cdd9a2832b57dbe94cfbb1
64-bit VIX API 1.6 for Linux.
Version 1.6.2 | 156745 - 03/31/09 21 MB TAR image
md5sum: 454aeba273f9a89c578223c95b262323
VMware Server 1.0.9

www.vmware.com/download/server/
Release notes:
www.vmware.com/support/server/doc/releasenotes_server.html
VMware Server for Windows 32-bit and 64-bit
download3.vmware.com/software/vmserver/VMware-server-installer-1.0.9-156507.exe
md5sum: 8c650f8a0a0521b69c6aba00d910cfb9
VMware Server Windows client package
download3.vmware.com/software/vmserver/VMware-server-win32-client-1.0.9-156507.zip
md5sum: c83e673f7422a4f3edaf7d9337cf5d6d
VMware Server for Linux
download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.tar.gz
md5sum: ff4b57588514c83b1a828e3b19843ad2
VMware Server for Linux rpm
download3.vmware.com/software/vmserver/VMware-server-1.0.9-156507.i386.rpm
md5sum: c8fc9e9f948f2807b9f8bfb3ca318f36
Management Interface
download3.vmware.com/software/vmserver/VMware-mui-1.0.9-156507.tar.gz
md5sum: dbf99faef8bd26e173cf2514d7bea449
VMware Server Linux client package
download3.vmware.com/software/vmserver/VMware-server-linux-client-1.0.9-156507.zip
md5sum: 7e76a481408454a747bb4d076a6e2524

VirtualCenter

VMware VirtualCenter 2.5 Update 4
www.vmware.com/download/download.do
DVD iso image
md5sum: 4304334ed7662b6a43646e6dde0956d2
Zip file
md5sum: 1306cb9b25e28a06bab84257d7cbf38f
Release Notes
www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html

ESXi

ESXi 3.5 patch ESXe350-200811401-O-SG (guest virtual device driver)
download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
md5sum: e895c8cb0d32b722d7820d0214416092
kb.vmware.com/kb/1007508
ESXi 3.5 patch ESXe350-200903201-O-UG (VI Client)
download3.vmware.com/software/vi/ESXe350-200903201-O-UG.zip
md5sum: 45632da28812837bb00cee86af85b8a5
kb.vmware.com/kb/1007992
NOTES: ESXi 3.5 patch ESXe350-200903201-O-UG supersedes
ESXe350-200811401-O-SG
The three ESXi patches for Firmware "I", VMware Tools "T,"
and the VI Client "C" are contained in a single offline "O"
download file.
ESX

ESX 3.5 patch ESX350-200811401-SG (guest virtual device driver)
download3.vmware.com/software/vi/ESX350-200811401-SG.zip
md5sum: 988042ce20ce2381216fbe1862c3e66d
kb.vmware.com/kb/1007501

ESX 3.5 patch ESX350-200903201-UG (VI Client)
download3.vmware.com/software/vi/ESX350-200903201-UG.zip
md5sum: 650fa096cf270ec58d38e9ff41c661aa
kb.vmware.com/kb/1007971
ESX 3.0.3 patch ESX303-200811401-BG (guest virtual device driver)
download3.vmware.com/software/vi/ESX303-200811401-BG.zip
md5sum: 26bf687a3483951d1f14ab66edf1d196
kb.vmware.com/kb/1006986
ESX 3.0.2 patch ESX-1006980 (guest virtual device driver)
download3.vmware.com/software/vi/ESX-1006980.tgz
md5sum: 5e73f1585fea3ee770b2df2b94e73ca4
kb.vmware.com/kb/1006980