CVE-2017-4949
CVSS 6.9
Published: 2018-01-11 09:29:00
Last revised: 2018-02-12 19:34:02

[Original] VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

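- CVSS (base score)

CVSS score: 6.9 [MEDIUM]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be totally compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-416 [Use After Free]

- CPE (affected platforms and products)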

cpe:/a:vmware:fusion:8.0.0
cpe:/a:vmware:fusion:8.0.1
cpe:/a:vmware:fusion:8.0.2
cpe:/a:vmware:fusion:8.1.0
cpe:/a:vmware:fusion:8.5.0
cpe:/a:vmware:fusion:8.5.1
cpe:/a:vmware:workstation:12.0.0
cpe:/a:vmware:workstation:12.5.0
cpe:/a:vmware:workstation:12.5.4
cpe:/a:vmware:workstation:12.5.5
cpe:/a:vmware:workstation:12.5.6
cpe:/a:vmware:workstation:12.5.7

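- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4949
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4949
(Official data source) NVD

- Other links and resources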

http://www.securityfocus.com/bid/102489
(VENDOR_ADVISORY)  BID  102489
http://www.securitytracker.com/id/1040161
(VENDOR_ADVISORY)  SECTRACK  1040161
https://www.vmware.com/security/advisories/VMSA-2018-0005.html
(VENDOR_ADVISORY)  CONFIRM  https://www.vmware.com/security/advisories/VMSA-2018-0005.html

- Vulnerability information (F145845)

VMware Security Advisory 2018-0005 (PacketStormID:F145845)
2018-01-11 00:00:00
VMware  vmware.com
advisory,overflow,vulnerability
CVE-2017-4949,CVE-2017-4950

VMware Security Advisory 2018-0005 - VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.

-----------------------------------------------------------------------

                               VMware Security Advisory

Advisory ID: VMSA-2018-0005
Severity:    Critical
Synopsis:    VMware Workstation, and Fusion updates resolve
             use-after-free and integer-overflow vulnerabilities
Issue date:  2018-01-10
Updated on:  2018-01-10 (Initial Advisory)
CVE number:  CVE-2017-4949, CVE-2017-4950

1. Summary

   VMware Workstation, and Fusion updates resolve use-after-free and
   integer-overflow vulnerabilities

2. Relevant Products

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

   a. Use-after-free vulnerability in VMware NAT service

   VMware Workstation and Fusion contain a use-after-free vulnerability
   in VMware NAT service when IPv6 mode is enabled. This issue may
   allow a guest to execute code on the host.

   Note: IPv6 mode for VMNAT is not enabled by default.

   VMware would like to thank WenQunWang of Tencent's Xuanwu LAB for
   reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2017-4949 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware          Product Running           Replace with/   Mitigation
   Product         Version on      Severity  Apply patch     Workaround
   ==============  ======= ======= ========  =============   ==========
   Workstation      14.x    Any    Critical    14.1.1           None
   Workstation      12.x    Any    Critical    12.5.9           None
   Fusion           10.x    OS X   Critical    10.1.1           None
   Fusion           8.x     OS X   Critical    8.5.10           None

   b. Integer-overflow vulnerability in VMware NAT service

   VMware Workstation and Fusion contain an integer overflow
   vulnerability in VMware NAT service when IPv6 mode is enabled. This
   issue may lead to an out-of-bound read which can then be used to
   execute code on the host in conjunction with other issues.

   Note: IPv6 mode for VMNAT is not enabled by default.

   VMware would like to thank WenQunWang of Tencent's Xuanwu LAB for
   reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2017-4950 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware          Product Running           Replace with/   Mitigation
   Product         Version on      Severity  Apply patch     Workaround
   ==============  ======= ======= =========  =============  ===========
   Workstation      14.x    Any    Important   14.1.1           None
   Workstation      12.x    Any    Important   12.5.9           None
   Fusion           10.x    OS X   Important   10.1.1           None
   Fusion           8.x     OS X   Important   8.5.10           None


4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Workstation Pro 14.1.1
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Workstation Player 14.1.1
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer
   https://www.vmware.com/support/pubs/player_pubs.html

   VMware Workstation Pro 12.5.9
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation_pro/12_0
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Workstation Player 12.5.9
   Downloads and Documentation:
   https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0
   https://www.vmware.com/support/pubs/player_pubs.html

   VMware Fusion Pro / Fusion 10.1.1
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
   https://www.vmware.com/support/pubs/fusion_pubs.html

   VMware Fusion Pro / Fusion 8.5.10
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/8_0
   https://www.vmware.com/support/pubs/fusion_pubs.html


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4949
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4950

------------------------------------------------------------------------

6. Change log

   2018-01-10 VMSA-2017-0005
   Initial security advisory in conjunction with the release of VMware
   Workstation 12.5.9 on 2018-01-10.

------------------------------------------------------------------------
7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.



- Vulnerability information

Multiple VMware Products CVE-2017-4949 Remote Code Execution Vulnerability
Class: Boundary Condition Error
Bugtraq ID: 102489
Remote: Yes
Local: No
Published: 2018-01-10 12:00:00
Updated: 2018-01-10 12:00:00
Credit: WenQunWang of Tencent's Xuanwu LAB

- Affected program versions

VMWare Workstation 12.5.8
VMWare Workstation 12.5.7
VMWare Workstation 12.5.5
VMWare Workstation 12.5.3
VMWare Workstation 14.0
VMWare Workstation 12.0
VMWare Fusion 8.5.9
VMWare Fusion 8.5.8
VMWare Fusion 8.5.6
VMWare Fusion 8.5.4
VMWare Fusion 8.5.2
VMWare Fusion 8.1.1
VMWare Fusion 8.1
VMWare Fusion 8.0.2
VMWare Fusion 8.0.1
VMWare Fusion 8.5.5
VMWare Fusion 8.5
VMWare Fusion 8.0
VMWare Fusion 10.0

- Unaffected program versions

VMWare Workstation 14.1.1
VMWare Workstation 12.5.9
VMWare Fusion 10.1.1
VMWare Fusion 8.5.10

- Vulnerability discussion

Multiple VMware Products are prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
