漏洞类别:VMware
漏洞等级: 
漏洞信息
The vCenter Server Appliance is a preconfigured Linux virtual machine, which is optimized for running VMware vCenter Server and the associated services on Linux. The target is missing Update 1d, which corrects the following security issue:
vCenter Server Appliance contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
QID Detection Logic(authenticated):
This QID checks for vulnerable versions of VMware vCenter Server Appliance.
漏洞危害
Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
解决方案
VMware has issued a fix (vCenter Server 6.5 U1d).
Upgrade vCenter Server Appliance to Build 7312210 or apply the latest VMware vCenter Server Appliance build.
Refer to VMSA-2017-0021 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论