VMWare vCenter Server和vCenter Server Appliance拒绝服务漏

发布日期:2013-02-21
更新日期:2013-02-27

受影响系统:
VMWare vCenter 5.0
 VMWare vCenter 4.1 Update 2
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 58139
 CVE ID: CVE-2012-6326
 
VMware vCenter Server可以快速部署虚拟机,并监控物理服务器和虚拟机的性能,可通过单个界面部署、监控和管理虚拟化IT 环境,并确保最佳的服务级别。
 
vCenter Server和vCenter Server Appliance (vCSA)允许未验证远程用户创建超大日志条目,在实现上存在安全漏洞,可允许攻击者填充vCenter主机或设备VM的系统卷,并造成拒绝服务。
 
<*来源:vendor
 
  链接:
 *>

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
VMWare
 ------
 VMWare已经为此发布了一个安全公告(VMSA-2012-0018)以及相应补丁:
 
VMSA-2012-0018:VMware security updates for vCSA, vCenter Server, and ESXi
 链接:
 
补丁下载:
 vCenter Server 5.1.0b
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1

Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html

vCenter Server 5.0 Update 2
---------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0

Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html

vCenter Server 4.1 Update 3
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.html

ESXi and ESX
------------
The download for ESXi includes vCenter Server Appliance.

https://my.vmware.com/web/vmware/downloads

ESXi 5.1
--------
File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786

ESXi510-201212001 contains ESXi510-201212101

ESXi 5.0
--------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334

update-from-esxi5.0-5.0_update02.zip contains ESXi500-201212101

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wywfyx.html