发布日期:2013-02-21
更新日期:2013-02-27受影响系统:
VMWare vCenter 5.0
VMWare vCenter 4.1 Update 2
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 58139
CVE ID: CVE-2012-6326
VMware vCenter Server可以快速部署虚拟机,并监控物理服务器和虚拟机的性能,可通过单个界面部署、监控和管理虚拟化IT 环境,并确保最佳的服务级别。
vCenter Server和vCenter Server Appliance (vCSA)允许未验证远程用户创建超大日志条目,在实现上存在安全漏洞,可允许攻击者填充vCenter主机或设备VM的系统卷,并造成拒绝服务。
<*来源:vendor
链接:http://www.vmware.com/security/advisories/VMSA-2012-0018.html
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
VMWare
------
VMWare已经为此发布了一个安全公告(VMSA-2012-0018)以及相应补丁:
VMSA-2012-0018:VMware security updates for vCSA, vCenter Server, and ESXi
链接:http://www.vmware.com/security/advisories/VMSA-2012-0018.html
补丁下载:
vCenter Server 5.1.0b
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.htmlvCenter Server 5.0 Update 2
---------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.htmlvCenter Server 4.1 Update 3
---------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1Release Notes:
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.htmlESXi and ESX
------------
The download for ESXi includes vCenter Server Appliance.https://my.vmware.com/web/vmware/downloadsESXi 5.1
--------
File: ESXi510-201212001.zip
md5sum: 81d562c00942973f13520afac4868748
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786
http://kb.vmware.com/kb/2035775
ESXi510-201212001 contains ESXi510-201212101ESXi 5.0
--------
File: update-from-esxi5.0-5.0_update02.zip
md5sum: ab8f7f258932a39f7d3e7877787fd198
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334
http://kb.vmware.com/kb/2033751
update-from-esxi5.0-5.0_update02.zip contains ESXi500-201212101最新版 Java 发现新的漏洞Glossword "login.php" SQL 注入漏洞相关资讯 VMware安全漏洞
- 多个VMware产品本地权限提升漏洞( (08/26/2013 13:40:05)
- VMware Workstation /Player弱权限 (11/13/2012 07:46:35)
- VMware OVF Tool OVF文件格式字符 (11/13/2012 07:45:23)
| - VMware View Connection Server和 (12/17/2012 19:58:37)
- VMware Workstation /Player DLL二 (11/13/2012 07:45:58)
- VMware的EMC Avamar Client “root (11/01/2012 23:04:57)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
-
|
易网时代-编程资源站