CVE-2018-6969
CVSS: N/A
Published: 2018-07-13 09:29:00
Revised: 2018-07-14 21:29:03

[Original] VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.


[CNNVD] CNNVD data is not yet available.


[Machine translation] Translation not yet available.

- CVSS (base score)

CVSS not yet available

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6969
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6969
(Official data source) NVD

- Other links and resources

http://www.securityfocus.com/bid/104737
(UNKNOWN)  BID  104737
https://www.vmware.com/security/advisories/VMSA-2018-0017.html
(UNKNOWN)  CONFIRM  https://www.vmware.com/security/advisories/VMSA-2018-0017.html

- Vulnerability information (F148544)

VMware Security Advisory 2018-0017 (PacketStormID:F148544)
2018-07-13 00:00:00
VMware  vmware.com
advisory
CVE-2018-6969

VMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.


----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0017
Severity:    Important
Synopsis:    VMware Tools update addresses an out-of-bounds read
             vulnerability
Issue date:  2018-07-12
Updated on:  2018-07-12 (Initial Advisory)
CVE number:  CVE-2018-6969


1. Summary

   VMware Tools update addresses an out-of-bounds read vulnerability

2. Relevant Releases

   VMware Tools

3. Problem Description

   VMware Tools HGFS out-of-bounds read vulnerability

   VMware Tools contains an out-of-bounds read vulnerability in HGFS.
   Successful exploitation of this issue may lead to information
   disclosure or may allow attackers to escalate their privileges on
   guest VMs.

   Note: In order to be able to exploit this issue, file sharing must
   be enabled.

   VMware would like to thank Anurudh for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6969 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware        Product       Running              Replace with/  Mitigation/
   Product       Version       on        Severity   Apply patch    Workaround
   ============  ============  ========  =========  =============  ===========
   VMware Tools  10.x & prior  Windows   Important  10.3.0*        None

* VMware Tools must be updated to 10.3.0 for each Windows VM to resolve
CVE-2018-6969.

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Tools 10.3.0
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS1030&productId=491


5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6969
-----------------------------------------------------------------------

6. Change log

   2018-07-12 VMSA-2018-0017
   Initial security advisory in conjunction with the release of VMware
   Tools 10.3.0 on 2018-07-12
-----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.



- Vulnerability information

VMware Tools HGFS CVE-2018-6969 Local Information Disclosure Vulnerability
Design Error 104737
No Yes
2018-07-12 12:00:00 2018-07-12 12:00:00
Anurudh

- Affected program versions

VMWare Tools 10.0.6
VMWare Tools 10.0.5
VMWare Tools 9.0
VMWare Tools 8.8.1.9139
VMWare Tools 8.8.0.7539
VMWare Tools 8.6.0.6261
VMWare Tools 8.3.7.4937
VMWare Tools 8.3.7.3827
VMWare Tools 8.3.2.1593
VMWare Tools 8.3.12.8191
VMWare Tools 8.3.12-559003
VMWare Tools 8.0.4.24748
VMWare Tools 8.0.3.21653
VMWare Tools 8.0.3.19531
VMWare Tools 8.0.3.17828
VMWare Tools 8.0.2.17586
VMWare Tools 8.0.2.16474
VMWare Tools 8.0.2.14744
VMWare Tools 8.0.1.12458
VMWare Tools 3.1.2.20911
VMWare Tools 3.1.2.15040
VMWare Tools 3.1.2.14664
VMWare Tools 3.1.2.14166
VMWare Tools 3.1.2.12548
VMWare Tools 3.1.2.12031
VMWare Tools 3.1.2.10559
VMWare Tools 3.1.0
VMWare Tools 3.0.0
VMWare Tools 10.1.0
VMWare Tools 10.0.9
VMWare Tools 10.0
VMWare Tools 10.3

- Unaffected program versions

VMWare Tools 10.3

- Vulnerability discussion

VMware Tools is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related references

 

 
