VMware Studio Virtual Appliance Web Interface File Upload Directory Traversal Vulnerability

Source: 岁月联盟 Editor: zhuzhu Date: 2009-09-05
Affected versions:
VMWare Studio 2.0 beta
Vulnerability description:
Bugtraq ID: 36199
CVE ID: CVE-2009-2968

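VMware Studio is a solution for developing, configuring and customizing virtual applications and appliances.
The web interface component supported by VMware Studio does not properly filter user input, so a remote attacker can exploit the vulnerability to upload files to arbitrary directories on the VMware Studio virtual appliance.
However, this vulnerability does not affect virtual machines built with Studio 2.0 beta.
Reference: http://www.securityfocus.com/archive/1/506191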
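The advisory does not show the affected upload handler, so the following is an added example, not VMware's code: a generic containment check that an upload endpoint can apply to a client-supplied file name before writing. The names `resolve_upload_path`, `upload_root`, `client_name` and the sample file names are hypothetical and constructed for this illustration.

```python
import os
import tempfile

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied upload name would leave the upload root."""

def resolve_upload_path(upload_root, client_name):
    """Return the absolute path an upload may be written to, or raise.

    upload_root and client_name are hypothetical parameters for this example.
    """
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    # Treat backslashes as separators too, so "..\\x" is handled like "../x".
    normalized = client_name.replace("\\", "/")
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        raise UnsafeUploadPath("absolute path")
    root = os.path.realpath(upload_root)
    # realpath collapses ".." and follows symlinks that already exist on disk.
    candidate = os.path.realpath(os.path.join(root, normalized))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeUploadPath("path escapes upload root")
    if candidate == root:
        raise UnsafeUploadPath("name resolves to the upload root itself")
    return candidate

def check_names(upload_root, names):
    """Classify each sample name as 'accepted' or 'rejected'."""
    results = {}
    for name in names:
        try:
            resolve_upload_path(upload_root, name)
            results[name] = "accepted"
        except UnsafeUploadPath:
            results[name] = "rejected"
    return results

# Constructed sample names, not taken from the advisory.
SAMPLE_NAMES = ["appliance.zip", "builds/appliance.zip", "../../etc/cron.d/job",
                "builds/../../outside.txt", "/etc/passwd", "..\\..\\outside.txt", "."]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, verdict in check_names(root, SAMPLE_NAMES).items():
            print(f"{verdict:9} {name!r}")
```

The check is made at resolution time, so the handler should write to the returned path directly and run with the least file-system privilege it needs.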
SEBUG security recommendation:
Users can contact the vendor to obtain the patch or upgrade for the affected product:
VMware Studio 2.0 build 1017-185256
-----------------------------------
http://www.vmware.com/support/developer/studio/
Release notes:
http://www.vmware.com/support/developer/studio/studio20/release_notes.html
VMware Studio appliance in ZIP
(md5sum:58cb40704d12f4ec329b887ae729aba9)
(sha1sum:2931a6a4de7e77016d08c6539cab93a6304ab452)
VMware Studio appliance in OVA
Deployment URL:
http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ova
(md5sum:0b0edb02865ae935bcffcccbf346adc2)
(sha1sum:f126339ab0de5b684e60ab7dfd50ddb15f2391cc)
VMware Studio appliance in OVF 1.0
Deployment URL:
http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF10.ovf
(md5sum:a3dfca29578a75b0440be3419396c85c)
(sha1sum:67f08e73de18ddeea257fefe6475f289d643ad77)
VMware Studio appliance in OVF 0.9
Deployment URL:
http://download3.vmware.com/software/studio/studio20/VMware_Studio-2.0.0.1017-185256_OVF09.ovf
(md5sum:959c61270dc872be2f5e65e59480852d)
(sha1sum:ac3c2d612f0b877f10ca607467b6a95b31ed3dd7)
VMDK associated to the OVF 1.0 and OVF 0.9 descriptor
(md5sum:617ec59063d2ba180b19f680fb1b49b1)
(sha1sum:eb1d474cde175a9e042c9613eae31822843394cf)
VMware Studio Plugin for Eclipse in ZIP
(md5sum:9970df718f08f92c053758187c979293)
(sha1sum:2d5a9a8d3d68faa3afd317b148f060a74cbd359a)