Published: 2013-02-21
Updated: 2013-02-27
Affected systems:
VMware vCenter 5.0
VMware vCenter 4.1 Update 2
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 58139
CVE ID: CVE-2012-6326
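VMware vCenter Server enables rapid deployment of virtual machines and monitors the performance of physical servers and virtual machines. It lets administrators deploy, monitor and manage a virtualized IT environment from a single interface and ensure optimal service levels.
vCenter Server and vCenter Server Appliance (vCSA) allow unauthenticated remote users to create oversized log entries. This implementation flaw lets an attacker fill the system volume of the vCenter host or the appliance VM, causing a denial of service.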
<*Source: vendor
Link:
*>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
VMware
------
VMware has released a security advisory (VMSA-2012-0018) and corresponding patches for this issue:
VMSA-2012-0018: VMware security updates for vCSA, vCenter Server, and ESXi
Link:
Patch downloads:
vCenter Server 5.1.0b
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html
vCenter Server 5.0 Update 2
---------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html
vCenter Server 4.1 Update 3
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.html
ESXi and ESX
------------
The download for ESXi includes vCenter Server Appliance.
https://my.vmware.com/web/vmware/downloads
ESXi 5.1
--------
File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786
ESXi510-201212001 contains ESXi510-201212101
ESXi 5.0
--------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334
update-from-esxi5.0-5.0_update02.zip contains ESXi500-201212101