漏洞描述:
VMware vCenter Server DCE/RPC协议实现中存在堆溢出漏洞,对vCenter Server具有网络访问权限的恶意行为者可能会通过发送特制的网络数据包来触发这些漏洞,成功的利用此漏洞可导致远程代码执行。
修复建议:
正式防护方案:
官方已发布更新版本修复此漏洞,建议受影响用户升级至安全版本:
VMware vCenter Server 8.0 U2d
VMware vCenter Server 8.0 U1e
VMware vCenter Server 7.0 U3r
VMware Cloud Foundation 5.x/4.x KB88287
安全版本下载和安装方式:
1、VMware vCenter Server 8.0 U2d:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5418
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u2d-release-notes/index.html
2、VMware vCenter Server 8.0 U1e:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5419
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u1e-release-notes/index.html
3、VMware vCenter Server 7.0 U3r:
https://support.broadcom.com/web/ecx/solutiondetails ?patchId=5417
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3r-release-notes/index.html
4、Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
参考链接:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
原文始发于微信公众号(飓风网络安全):【漏洞预警】VMware VCenter Server 缓冲区溢出
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论