Lucene search

K
seebug
RootSSV:60646
HistoryFeb 28, 2013 - 12:00 a.m.

VMware vCenter, ESXi, ESX NFC协议内存破坏漏洞

2013-02-2800:00:00
Root
www.seebug.org
25

0.001 Low

EPSS

Percentile

43.1%

BUGTRAQ ID: 58115
CVE(CAN) ID: CVE-2013-1659

VMware vCenter是VMware vSphere套件中一个强大的主机和虚拟机集中管理组件。VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件。

VMware vCenter, ESXi, ESX NFC在处理NFC协议时存在安全漏洞,要利用此漏洞攻击者必须截获并修改vCenter Server与客户端或ESXi/ESX与客户端之间的NFC通讯。成功利用此漏洞可导致代码执行。
0
VMWare ESX 4.1
VMWare ESX 4.0
VMWare ESX 3.5
VMWare ESXi 5.0
VMWare ESXi 4.1
VMWare ESXi 4.0
VMWare ESXi 3.5
厂商补丁:

VMWare

VMWare已经为此发布了一个安全公告(VMSA-2013-0003)以及相应补丁:
VMSA-2013-0003:VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
链接:http://www.vmware.com/security/advisories/VMSA-2013-0003.html

补丁下载:

vCenter Server 5.1.0

Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1

Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html

vCenter Server 5.0

Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0

Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html

vCenter Server 4.0

Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0

Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc40_u4b_rel_notes.html

VirtualCenter 2.5

Download link:
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_infrastructure_3/3_5

Release Notes:
https://www.vmware.com/support/vi3/doc/vi3_vc25u6c_rel_notes.html

ESXi and ESX

https://www.vmware.com/patchmgr/download.portal

ESXi 5.1

File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786
http://kb.vmware.com/kb/2035775
ESXi510-201212001 contains ESXi510-201212102-SG

ESXi 5.0

File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334
http://kb.vmware.com/kb/2033751
update-from-esxi5.0-5.0_update02 contains ESXi500-201212102-SG

ESXi 4.1

File: ESXi410-201211001.zip
md5sum: f7da5cd52d3c314abc31fe7aef4e50d3
sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1
http://kb.vmware.com/kb/2036257
ESXi410-201211001 contains ESXi410-201211402-BG

ESXi 4.0

File: ESXi400-201302001.zip
md5sum: 8fca17ca97669dd1d34c34902e8e7ddf
sha1sum: 51d76922eb7116810622acdd611f3029237a5680
http://kb.vmware.com/kb/2041344
ESXi400-201302001 contains ESXi400-201302402-SG

ESXi 3.5

File: ESXe350-201302401-O-SG.zip
md5sum: a2c5f49bc865625b3796c41c202d1696
sha1sum: 12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee
http://kb.vmware.com/kb/2042543
ESXe350-201302401-O-SG.zip contains ESXe350-201302401-I-SG and ESXe350-201302403-C-SG

ESX 4.1

File: ESX410-201211001.zip
md5sum: c167bccc388661e329fc494df13855c3
sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98
http://kb.vmware.com/kb/2036254
ESX410-201211001 contains ESX410-201211401-SG

ESX 4.0

File: ESX400-201302001.zip
md5sum: 5ca4276e97c19b832d778e17e5f4ba64
sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f
http://kb.vmware.com/kb/2041343
ESX400-201302001 contains ESX400-201302401-SG

ESX 3.5

File: ESX350-201302401-SG.zip
md5sum: e703cb0bc3e1eaa8932a96ea96f34a00
sha1sum: 91dcf1bf7194a289652d0904dd7af8bce0a1d2dd
http://kb.vmware.com/kb/2042541

How to find holes in your network?

Try incredible fast Vulners Perimeter Scanner and find vulnerabilities and unnecessary ip and ports in network devices inside your network before anyone else.

Try Network Scanner

0.001 Low

EPSS

Percentile

43.1%

Related for SSV:60646