VM Escape Vulnerabilities CVE-2018-6981/CVE-2018-6982

Yakın zamanda VMware, VMware ESXi, Workstation ve Fusion‘da iki önemli güvenlik açığının (CVE-2018-6981 ve CVE-2018-6982) giderilmesi için security advisory yayınladı. Bu 2 açık Çin de düzenlenen GeekPwn2018 ‘de  Çinli Siber güvenlik şirketi Chaitin tech tarafından açıklandı.

CVE-2018-6981 : Bir guest hesabının host üzerinde kod yürütmesine izin verirken, CVE-2018-6982 güvenlik açığı esxi host üzerinden vm’e bilgi sızmasına neden olabilir.

Referans Linkleri :

https://blogs.vmware.com/security/2018/11/vmware-and-the-geekpwn2018-event.html

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

ESXi 6.7

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201811001.html

ESXi 6.5

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201811001.html

ESXi 6.0

Download address of the related patch/update and documentation:

https://my.vmware.com/group/vmware/patch

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201811001.html

VMware Workstation Pro

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadplayer

https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion Pro/Fusion

Download address of the related patch/update and documentation:

https://www.vmware.com/go/downloadfusion

https://docs.vmware.com/en/VMware-Fusion/index.html

Paylaş

YORUM YAZIN


UA-15660912-1