漏洞更新 - VMware修補vCenter Server heap-overflow和privilege escalation漏洞
VMware修補vCenter Server heap-overflow和privilege escalation漏洞
一、摘要
VMware於本週二(6/18)修補了位於vCenter Server中的3個安全漏洞,其中的CVE-2024-37079與CVE-2024-37080屬於堆積溢位漏洞,可導致遠端程式攻擊,其CVSS風險評分高達9.8,另一個CVE-2024-37081則是本地端權限擴充漏洞,CVSS風險評分為7.8。
二、存在風險
vCenter Server為VMware所開發的虛擬化管理軟體,根據VMware的說明,vCenter Server在實現分散式運算環境/遠端呼叫系統(DCE/RPC)協定時,出現了多個堆積溢位漏洞,將允許攻擊者透過傳送特製封包來觸發漏洞,進而導致遠端程式攻擊。而CVE-2024-37081則含有多個本地端權限擴張漏洞,源自於sudo的配置錯誤,其將允許僅具備一般權限的本地端用戶取得最高權限,其影響系統或版本如下:
- 受影響之系統/漏洞描述:
- VMware vCenter Server multiple heap-overflow vulnerabilities
- CVE編號:CVE-2024-37079, CVE-2024-37080
- 漏洞描述:vCenter Server在實現分散式運算環境/遠端呼叫系統(DCE/RPC)協定時,出現了多個堆積溢位漏洞,將允許攻擊者透過傳送特製封包來觸發漏洞,進而導致遠端程式攻擊。
- 影響系統/版本:
- vCenter Server 8.0
- vCenter Server 7.0
- Cloud Foundation (vCenter Server) 5.x
- Cloud Foundation (vCenter Server) 4.x
- VMware vCenter multiple local privilege escalation vulnerabilities
- CVE編號:CVE-2024-37081
- 漏洞描述:sudo的配置錯誤,其將允許僅具備一般權限的本地端用戶取得最高權限。
- 影響系統/版本:
- vCenter Server 8.0
- vCenter Server 7.0
- Cloud Foundation (vCenter Server) 5.x
- Cloud Foundation (vCenter Server) 4.x
三、建議改善措施:
企業及使用者如有上述漏洞版本應盡速更新:
- VMware vCenter Server 8.0 U2d
- Downloads and Documentation:
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5418
- https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u2d-release-notes/index.html
- VMware vCenter Server 8.0 U1e
- Downloads and Documentation:
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5419
- https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u1e-release-notes/index.html
- VMware vCenter Server 7.0 U3r
- Downloads and Documentation:
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5417
- https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3r-release-notes/index.html
- KB Articles:
- Cloud Foundation 5.x/4.x:
- https://knowledge.broadcom.com/external/article?legacyId=88287
