VMware vCenter, ESXi, ESX NFC协议内存破坏漏洞

2013-02-28T00:00:00
ID SSV:60646
Type seebug
Reporter Root
Modified 2013-02-28T00:00:00

Description

BUGTRAQ ID: 58115 CVE(CAN) ID: CVE-2013-1659

VMware vCenter是VMware vSphere套件中一个强大的主机和虚拟机集中管理组件。VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件。

VMware vCenter, ESXi, ESX NFC在处理NFC协议时存在安全漏洞,要利用此漏洞攻击者必须截获并修改vCenter Server与客户端或ESXi/ESX与客户端之间的NFC通讯。成功利用此漏洞可导致代码执行。 0 VMWare ESX 4.1 VMWare ESX 4.0 VMWare ESX 3.5 VMWare ESXi 5.0 VMWare ESXi 4.1 VMWare ESXi 4.0 VMWare ESXi 3.5 厂商补丁:

VMWare

VMWare已经为此发布了一个安全公告(VMSA-2013-0003)以及相应补丁: VMSA-2013-0003:VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. 链接:http://www.vmware.com/security/advisories/VMSA-2013-0003.html

补丁下载:

vCenter Server 5.1.0

Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1

Release Notes: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html

vCenter Server 5.0

Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0

Release Notes: https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html

vCenter Server 4.0

Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0

Release Notes: https://www.vmware.com/support/vsphere4/doc/vsp_vc40_u4b_rel_notes.html

VirtualCenter 2.5

Download link: http://downloads.vmware.com/d/info/datacenter_downloads/vmware_infrastructure_3/3_5

Release Notes: https://www.vmware.com/support/vi3/doc/vi3_vc25u6c_rel_notes.html

ESXi and ESX

https://www.vmware.com/patchmgr/download.portal

ESXi 5.1

File: ESXi510-201212001.zip md5sum: 81d562c00942973f13520afac4868748 sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786 http://kb.vmware.com/kb/2035775 ESXi510-201212001 contains ESXi510-201212102-SG

ESXi 5.0

File: update-from-esxi5.0-5.0_update02.zip md5sum: ab8f7f258932a39f7d3e7877787fd198 sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334 http://kb.vmware.com/kb/2033751 update-from-esxi5.0-5.0_update02 contains ESXi500-201212102-SG

ESXi 4.1

File: ESXi410-201211001.zip md5sum: f7da5cd52d3c314abc31fe7aef4e50d3 sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1 http://kb.vmware.com/kb/2036257 ESXi410-201211001 contains ESXi410-201211402-BG

ESXi 4.0

File: ESXi400-201302001.zip md5sum: 8fca17ca97669dd1d34c34902e8e7ddf sha1sum: 51d76922eb7116810622acdd611f3029237a5680 http://kb.vmware.com/kb/2041344 ESXi400-201302001 contains ESXi400-201302402-SG

ESXi 3.5

File: ESXe350-201302401-O-SG.zip md5sum: a2c5f49bc865625b3796c41c202d1696 sha1sum: 12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee http://kb.vmware.com/kb/2042543 ESXe350-201302401-O-SG.zip contains ESXe350-201302401-I-SG and ESXe350-201302403-C-SG

ESX 4.1

File: ESX410-201211001.zip md5sum: c167bccc388661e329fc494df13855c3 sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98 http://kb.vmware.com/kb/2036254 ESX410-201211001 contains ESX410-201211401-SG

ESX 4.0

File: ESX400-201302001.zip md5sum: 5ca4276e97c19b832d778e17e5f4ba64 sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f http://kb.vmware.com/kb/2041343 ESX400-201302001 contains ESX400-201302401-SG

ESX 3.5

File: ESX350-201302401-SG.zip md5sum: e703cb0bc3e1eaa8932a96ea96f34a00 sha1sum: 91dcf1bf7194a289652d0904dd7af8bce0a1d2dd http://kb.vmware.com/kb/2042541