VMwareÐé¹¹»úÌÓÒÝ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-11-13

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-6981£¬£¬£¬ £¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬£¬£¬ £¬£¬£¬£¬ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-6982£¬£¬£¬ £¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬ £¬£¬£¬£¬ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


VMware vSphere ESXi (ESXi)

VMware Workstation Pro / Player (Workstation)

VMware Fusion Pro, Fusion (Fusion)


·ì϶¸ÅÊö


VMwareÒÑΪ¸ÃÐé¹¹»ú£¨VM£©ÌÓÒݳÁÒª·ì϶£¨CVE-2018-6981ÓëCVE-2018-6982£©°ä²¼°²È«²¹¶¡£¬£¬£¬ £¬£¬£¬£¬ £¬¸Ã·ì϶ÓÉ×êÑÐÔ¹ØÅìÍÓî½üÆÚÔÚÖйúGeekPwn2018ºÚ¿Í´óÈüÖз¢ÏÖ¡£¡£¡£¡£¡£¡£¡£¡£


ÕâЩ·¨Ê½ÃýÎóÊÇÓÉvmxnet3Ðé¹¹ÍøÂçÊÊÅäÆ÷ÖÐδ³õʼ»¯µÄ²Ö¿âÄÚ´æʹÓÃÃýÎóµ¼ÖµÄ¡£¡£¡£¡£¡£¡£¡£¡£¶øÕâЩÃýÎó½öÔÚvmxnet3ÊÊÅäÆ÷ÔÊÐíµÄÇé¿öϲſÉÓᣡ£¡£¡£¡£¡£¡£¡£


ÓÉVMware°ä²¼µÄ֪ͨ¿ÉÖª£¬£¬£¬ £¬£¬£¬£¬ £¬¡°VMware ESXi¡¢FusionÓëWorkstationµÄvmxnet3Ðé¹¹ÍøÂçÊÊÅäÆ÷ÖÐÔ̺¬Î´³õʼ»¯µÄ²Ö¿âÄÚ´æʹÓᣡ£¡£¡£¡£¡£¡£¡£ÆôÓÃvmxnet3ʱ£¬£¬£¬ £¬£¬£¬£¬ £¬¸ÃÎÊÌâ»áÔÊÐíÐé¹¹»úÔÚËÞÖ÷»úÉÏÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£¡£¡£ËùÓеÄvmxnet3¾ùÊÜ´ËÎÊÌâÓ°Ïì¡£¡£¡£¡£¡£¡£¡£¡£¡±


Ðé¹¹Ö÷»ú¿ÉÀûÓ÷ì϶¡°CVE-2018-6981¡±ÔÚÖ÷»úÉÏÖ´ÐÐËÁÒâ´úÂ룬£¬£¬ £¬£¬£¬£¬ £¬Ó°ÏìVMware ESXi¡¢FusionÓëWorkstation²úÆ·¡£¡£¡£¡£¡£¡£¡£¡£¶ø·ì϶¡°CVE-2018-6982¡±¿Éµ¼Ö´ÓÖ÷»úµ½Ðé¹¹»úµÄÐÅϢй¶£¬£¬£¬ £¬£¬£¬£¬ £¬¸Ã·ì϶ֻӰÏìESXi¡£¡£¡£¡£¡£¡£¡£¡£


¸Ã·ì϶¼«¶È³ÁÒª£¬£¬£¬ £¬£¬£¬£¬ £¬ÓÉÓÚÕâÊÇר¼Ò³õ´Î³É¹¦³¢ÊÔÌÓÒÝVMwareESXi£¬£¬£¬ £¬£¬£¬£¬ £¬²¢ÔÚËÞÖ÷ϵͳÖлñÈ¡root shell¡£¡£¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP£¬£¬£¬ £¬£¬£¬£¬ £¬GeekPwn2018£¬£¬£¬ £¬£¬£¬£¬ £¬¸Ã·ì϶µÄ¹¥»÷չʾ¡£¡£¡£¡£¡£¡£¡£¡£


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website



ÊÖ¹¤×Ô²é

Ðé¹¹»úÊÇ·ñʹÓÃÁËvmxnet3¡£¡£¡£¡£¡£¡£¡£¡£


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


½¨¸´½¨Òé


ÊÜCVE-2018-6981Ó°Ïì²úÆ·¼°¿É´úÌæ/²¹¶¡°æ±¾


²úÆ·

°æ±¾

ÔËÐÐƽ̨

ÑϳÁˮƽ

´úÌæΪ/ÀûÓò¹¶¡

ESXi

6.7

ESXi

Critical

ESXi670-201811401-BG

ESXi

6.5

ESXi

Critical

ESXi650-201811301-BG

ESXi

6.0

ESXi

Critical

ESXi600-201811401-BG

Workstation

15.x

ËùÓÐ

Critical

15.0.1

Workstation

14.x

ËùÓÐ

Critical

14.1.4

Fusion

11.x

OS X

Critical

11.0.1

Fusion

10.x

OS X

Critical

10.1.4


ÊÜCVE-2018-6982Ó°Ïì²úÆ·¼°¿É´úÌæ/²¹¶¡°æ±¾


²úÆ·

°æ±¾

ÔËÐÐƽ̨

ÑϳÁˮƽ

´úÌæΪ/ÀûÓò¹¶¡

ESXi

6.7

ESXi

Important

ESXi670-201811401-BG

ESXi

6.5

ESXi

Important

ESXi650-201811301-BG

ESXi

6.0

ESXi

N/A

²»ÊÜÓ°Ïì

Workstation

ËùÓÐ

ËùÓÐ

N/A

²»ÊÜÓ°Ïì

Fusion

ËùÓÐ

OS X

N/A

²»ÊÜÓ°Ïì


¾ßÌå¸÷¸ö²úÆ·°æ±¾µÄ²¹¶¡/¿¯ÐÐ×¢Ã÷£º

ESXi 6.7

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html


ESXi 6.5

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html


ESXi 6.0

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html


VMware Workstation Pro 14.1.3

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html


VMware Workstation Player 14.1.3

https://www.vmware.com/go/downloadplayer

https://docs.vmware.com/en/VMware-Workstation-Player/index.html


VMware Fusion Pro / Fusion 10.1.3

https://www.vmware.com/go/downloadfusion

https://docs.vmware.com/en/VMware-Fusion/index.html


²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2018-0027.html