VMware Products Trap Flag Handling Local Privilege Escalation Vulnerability

admin 2022-07-23 10:52:02 CNNVD Vulnerabilities Source: ZONE.CI

Vulnerability Details

  • CNNVD ID: CNNVD-200811-153
  • Severity: Medium
  • CVE ID: CVE-2008-4915
  • Vulnerability type: Permissions and access control
  • Published: 2008-11-10
  • Threat type: Local
  • Updated: 2008-11-15
  • Vendor: vmware
  • Source: Derek Soeder※ dsoe...

Vulnerability Summary

VMware is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on a single machine.

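VMware has a problem in how it handles instruction execution, which an attacker may be able to exploit to elevate privileges. When an interrupt occurs while the Trap Flag is set, a correctly behaving CPU clears the Trap Flag before transferring execution to the interrupt handler. In affected VMware versions, if a kernel-mode IRET sets the Trap Flag, then when the single-byte INT 3 instruction is executed the Trap Flag persists across the mode switch. As a result, if the kernel can be made to set the Trap Flag via IRET, user-mode code that hits an INT 3 causes a single-step debug trap (#DB) at the first instruction of the breakpoint (#BP) handler.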
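The flag handling described above, as a simplified state model added here for illustration (it is not VMware code and not part of the original advisory). The `vcpu` structure, the function names and the starting state are assumptions of the model; only the Trap Flag behaviour on #BP delivery is taken from the description.

```c
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_TF (1u << 8)  /* Trap Flag */
#define EFLAGS_IF (1u << 9)  /* Interrupt Flag */

/* Hypothetical, heavily reduced virtual CPU state (an assumption of this model). */
struct vcpu {
    uint32_t eflags;        /* live flags */
    uint32_t saved_eflags;  /* EFLAGS image pushed for the handler's IRET */
    int cpl;                /* 3 = user mode, 0 = kernel mode */
};

/* Deliver INT 3 (#BP) from user mode through an interrupt gate.
 * clears_tf = 1: architectural behaviour; clears_tf = 0: the flaw described above. */
static void deliver_bp(struct vcpu *c, int clears_tf)
{
    c->saved_eflags = c->eflags;   /* flags are saved before any bit is cleared */
    c->cpl = 0;                    /* mode switch into the kernel handler */
    c->eflags &= ~EFLAGS_IF;       /* interrupt gate masks interrupts */
    if (clears_tf)
        c->eflags &= ~EFLAGS_TF;   /* handler must not start single-stepped */
}

/* 1 if the #BP handler's first instruction raises #DB while at CPL 0. */
static int db_in_bp_handler(int clears_tf)
{
    /* Constructed starting state: user code running with TF already set. */
    struct vcpu c = { EFLAGS_IF | EFLAGS_TF, 0, 3 };
    deliver_bp(&c, clears_tf);
    return c.cpl == 0 && (c.eflags & EFLAGS_TF) != 0;
}

/* 1 if the interrupted code's TF survives in the saved image for IRET to restore. */
static int saved_tf_preserved(int clears_tf)
{
    struct vcpu c = { EFLAGS_IF | EFLAGS_TF, 0, 3 };
    deliver_bp(&c, clears_tf);
    return (c.saved_eflags & EFLAGS_TF) != 0;
}

int main(void)
{
    printf("correct CPU: #DB in handler = %d, saved TF = %d\n",
           db_in_bp_handler(1), saved_tf_preserved(1));
    printf("flawed vCPU: #DB in handler = %d, saved TF = %d\n",
           db_in_bp_handler(0), saved_tf_preserved(0));
    return 0;
}
```

In both cases the saved flags image keeps the Trap Flag; the difference is only whether the live flags still carry it once the handler starts running in kernel mode.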

Vulnerability Announcement

The vendor has released upgrade patches to fix this security issue. Patch download links:

VMWare

------

VMware Workstation 5.5.9

------------------------

http://www.vmware.com/download/ws/ws5.HTML

Release notes:

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.HTML

Windows binary:

md5sum: 509c7b323a8ac42c0a92b0a1446bb0f8

Compressed Tar archive for 32-bit Linux

md5sum: 9d189e72f8111e44b27f1ee92edf265e

Linux RPM version for 32-bit Linux

md5sum: 0957c5258d033d0107517df64bfea240

VMware Player 1.0.9

-----------------------------

http://www.vmware.com/download/player/

Release notes Player 1.x:

http://www.vmware.com/support/player/doc/releasenotes_player.HTML

Windows binary

md5sum: e2c8dd7b27df7d348f14f69de017b93f

Player 1.0.9 for Linux (.rpm)

md5sum: 471c3881fa60b058b1dac1d3c9c32c85

Player 1.0.9 for Linux (.tar)

md5sum: bef507811698e7333f5e8cb672530dbf

VMware ACE 1.0.8

----------------

http://www.vmware.com/download/ace/

Release notes:

http://www.vmware.com/support/ace/doc/releasenotes_ace.HTML

Windows binary

md5sum: 920a08c2fcdeaedcb3258183817419a0

ACE 1.0.8 for Linux (.rpm)

md5sum: 450254b73fa6802713136bf2c04e5b40

ACE 1.0.8 for Linux (.tar)

md5sum: 5efdaccf8217b8d7875d3f35cd6159e0

VMware Server 1.0.8

-------------------

http://www.vmware.com/download/server/

Release notes:

http://www.vmware.com/support/server/doc/releasenotes_server.HTML

VMware Server for Windows 32-bit and 64-bit

md5sum: 4ba41e5fa192f786121a7395ebaa8d7c

VMware Server Windows client package

md5sum: f25746e275ca00f28d44ad372fc92536

VMware Server for Linux

md5sum: a476d3953ab1ff8457735e692fa5edf9

VMware Server for Linux rpm

md5sum: af6890506618fa82928fbfba8a5f97e1

Management Interface

md5sum: 5982b84a39479cabce63e12ab664d369

VMware Server Linux client package

md5sum: 605d7db48f63211cc3f5ddb2b3f915a6

ESXi

----

ESXi 3.5 patch ESXe350-200810401-O-UG

http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip

md5sum: 9b83c54a005572bebb86652e3efd732a

http://kb.vmware.com/kb/1007056

ESX

---

ESX Server 3.5 update 3 CD image Refresh

md5sum: e9bdaad2d37872820a4cad8e8dbde536

http://www.vmware.com/download/download.do?downloadGroup=ESX350U3

ESX Server 3.5 upgrade package from ESX Server 2.x to ESX Server 3.5

Update 3 Refresh

md5sum:2da08fed15bd4b1ed5b19433e837591c

http://www.vmware.com/download/download.do?downloadGroup=ESX350U3

ESX Server 3.5 upgrade package from ESX Server 3.0.x to ESX Server 3.5

Update 3 Refresh

md5sum:d631aa8418d99fce4280fc3905ac4c37

http://www.vmware.com/download/download.do?downloadGroup=ESX350U3

ESX Server 3.5 upgrade package from ESX Server 3.5 to ESX Server 3.5

Update 3 Refresh

md5sum:4dea5d943d0c0469c397b6520dfeb0fb

http://www.vmware.com/download/download.do?downloadGroup=ESX350U3

ESX 3.5 patch ESX350-200810201-UG (vCPU/directory traversal)

http://download3.vmware.com/software/vi/ESX350-200810201-UG.zip

md5sum: 6f26f985d9fea520ebdda7c65b60486e

http://kb.vmware.com/kb/1007041

ESX 3.0.3 patch ESX303-200810501-BG (vCPU)

http://download3.vmware.com/software/vi/ESX303-200810501-BG.zip

md5sum: da72f475c5ac038379d712d36307e33d

http://kb.vmware.com/kb/1006969

ESX 3.0.2 patch ESX-1006680 (vCPU)

http://download3.vmware.com/software/vi/ESX-1006680.tgz

md5sum: 8186a2e77bc7c0e4cd5b214d0a5d29c0

http://kb.vmware.com/kb/1006680

VMware ESX 2.5.5 Upgrade Patch 10

http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz

md5sum: 2ee87cdd70b1ba84751e24c0bd8b4621

http://vmware.com/support/esx25/doc/esx-255-200810-patch.HTML

VMware ESX 2.5.4 Upgrade Patch 21

http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz

md5sum: d791be525c604c852a03dd7df0eabf35

http://vmware.com/support/esx25/doc/esx-254-200810-patch.HTML

References

Source: XF

Name: vmware-cpuhardware-priv-escalation(46415)

Link: http://xforce.iss.net/xforce/xfdb/46415

Source: www.vmware.com

Link: http://www.vmware.com/security/advisories/VMSA-2008-0018.HTML

Source: SECTRACK

Name: 1021154

Link: http://www.securitytracker.com/id?1021154

Source: BID

Name: 32168

Link: http://www.securityfocus.com/bid/32168

Source: BUGTRAQ

Name: 20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues

Link: http://www.securityfocus.com/archive/1/archive/1/498138/100/0/threaded

Source: VUPEN

Name: ADV-2008-3052

Link: http://www.frsirt.com/english/advisories/2008/3052

Source: SECUNIA

Name: 32624

Link: http://secunia.com/advisories/32624

Source: SECUNIA

Name: 32612

Link: http://secunia.com/advisories/32612

Source: MLIST

Name: [Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues

Link: http://lists.vmware.com/pipermail/security-announce/2008/000042.HTML

Affected Entities

  • Vmware Esx:2.5.4  
  • Vmware Esx:2.5.5  
  • Vmware Esx:3.5  
  • Vmware Player:1.0.4  
  • Vmware Player:1.0.3  

Patches

    None available
