VMware vCenter, ESXi, ESX NFC协议内存破坏漏洞(CVE

VMware vCenter, ESXi, ESX NFC协议内存破坏漏洞(CVE-2013-1659)

发布日期:2013-02-21
更新日期:2013-02-25

受影响系统:
VMWare ESX 4.1
 VMWare ESX 4.0
 VMWare ESX 3.5
 VMWare ESXi 5.0
 VMWare ESXi 4.1
 VMWare ESXi 4.0
 VMWare ESXi 3.5
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 58115
 CVE(CAN) ID: CVE-2013-1659
 
VMware vCenter是VMware vSphere套件中一个强大的主机和虚拟机集中管理组件。VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件。
 
VMware vCenter, ESXi, ESX NFC在处理NFC协议时存在安全漏洞,要利用此漏洞攻击者必须截获并修改vCenter Server与客户端或ESXi/ESX与客户端之间的NFC通讯。成功利用此漏洞可导致代码执行。
 
<*来源:Alex Chapman
 
  链接:
       
 *>

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
VMWare
 ------
 VMWare已经为此发布了一个安全公告(VMSA-2013-0003)以及相应补丁:
 VMSA-2013-0003:VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
 链接:
 
补丁下载:
 

vCenter Server 5.1.0
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1
 
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html
 
vCenter Server 5.0
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0
 
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html
 
vCenter Server 4.0
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
 
Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc40_u4b_rel_notes.html
 
VirtualCenter 2.5
---------------------------
Download link:

 
Release Notes:
https://www.vmware.com/support/vi3/doc/vi3_vc25u6c_rel_notes.html
 
ESXi and ESX
------------
https://www.vmware.com/patchmgr/download.portal
 
ESXi 5.1
--------
File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786

ESXi510-201212001 contains ESXi510-201212102-SG
 
ESXi 5.0
------------------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334

update-from-esxi5.0-5.0_update02 contains ESXi500-201212102-SG
 
ESXi 4.1
------------------
File: ESXi410-201211001.zip
md5sum: f7da5cd52d3c314abc31fe7aef4e50d3
sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1

ESXi410-201211001 contains ESXi410-201211402-BG
 
ESXi 4.0
------------------
File: ESXi400-201302001.zip
md5sum: 8fca17ca97669dd1d34c34902e8e7ddf
sha1sum: 51d76922eb7116810622acdd611f3029237a5680

ESXi400-201302001 contains ESXi400-201302402-SG
 
ESXi 3.5
--------
File: ESXe350-201302401-O-SG.zip
md5sum: a2c5f49bc865625b3796c41c202d1696
sha1sum: 12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee

ESXe350-201302401-O-SG.zip contains ESXe350-201302401-I-SG and ESXe350-201302403-C-SG
 
ESX 4.1
--------
File: ESX410-201211001.zip
md5sum: c167bccc388661e329fc494df13855c3
sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98

ESX410-201211001 contains ESX410-201211401-SG
 
ESX 4.0
--------
File: ESX400-201302001.zip
md5sum: 5ca4276e97c19b832d778e17e5f4ba64
sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f

ESX400-201302001 contains ESX400-201302401-SG
 
ESX 3.5
--------
File: ESX350-201302401-SG.zip
md5sum: e703cb0bc3e1eaa8932a96ea96f34a00
sha1sum: 91dcf1bf7194a289652d0904dd7af8bce0a1d2dd

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wywjsy.html