CVE编号
CVE-2008-3514利用情况
暂无补丁情况
N/A披露时间
2008-08-14漏洞描述
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."Patch information with appropriate login and password: http://www.vmware.com/security/advisories/VMSA-2008-0012.html 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. VirtualCenter ------------- VMware VirtualCenter 2.5 Update 2 build 104263 www.vmware.com/download/download.do DVD iso image md5sum: 83de404fa073bc1fde9acd080f21e688 Zip file md5sum: 3297f1e47c6b018ac8190f11bd022d5b Release Notes www.vmware.com/support/vi3/doc/vi3_esx35u2_vc25u2_rel_notes.html VMware VirtualCenter 2.0.2 Update 5 build 104182 www.vmware.com/downloads/download.do DVD iso image md5sum: 5fee5d2d97b482e0d0cb47da7d8e7c34 Zip file md5sum: cd468aab309745c12ee5516652aafbcb Release Notes www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://secunia.com/advisories/31468 | |
| http://securityreason.com/securityalert/4150 | |
| http://www.insomniasec.com/advisories/ISVA-080812.1.htm | |
| http://www.securityfocus.com/archive/1/495386/100/0/threaded | |
| http://www.securityfocus.com/bid/30664 | |
| http://www.securitytracker.com/id?1020693 | |
| http://www.vmware.com/security/advisories/VMSA-2008-0012.html | |
| http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html | |
| http://www.vupen.com/english/advisories/2008/2363 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44425 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | vmware | virtualcenter | * |
Up to (including) 2.0.2 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | virtualcenter | 2.0.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | vmware | virtualcenter | 2.5 | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 N/A
- 用户交互 无
- 可用性 无
- 保密性 部分地
- 完整性 无
还没有评论,来说两句吧...