VMware权限提升误差危害通告

宣布时间 2020-03-18

误差编号和级别


CVE编号:CVE-2020-3950,危险级别:高危,CVSS分值:厂商自评:7.3,官方未评定


影响版本


VMware Fusion < 11.5.2

VMware Remote Console for Mac <= 11.x

VMware Horizon Client for Mac < 5.4.0


误差概述


克日,VMware官方宣布编号为VMSA-2020-0005的清静通告,修复了保存于VMware Fusion,VMRC for Mac 和Horizon Client for Mac中的权限提升误差CVE-2020-3950,由于VMware过失的使用了setuid,攻击者使用此误差可将目的系统中的通俗用户权限提升至管理员权限。现在PoC已果真,建议相关用户升级版本举行防护。


误差验证


PoC:https://github.com/mirchr/security-research/blob/master/vulnerabilities/CVE-2020-3950.sh。


修复建议


现在官方已宣布最新版本修复该误差,实时更新受影响的Vmware产品到如下版本:


VMware Fusion 11.5.2

Downloads and Documentation:

https://www.vmware.com/go/downloadfusion

https://docs.vmware.com/en/VMware-Fusion/index.html


VMware Horizon Client 5.4.0

Downloads and Documentation:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0

https://docs.vmware.com/en/VMware-Horizon-Client/index.html


VMware Remote Console for Mac 11.0.1

Downloads and Documentation:

https://my.vmware.com/web/vmware/details?downloadGroup=VMRC1101&productId=742

https://docs.vmware.com/en/VMware-Remote-Console/index.html


参考链接


https://www.vmware.com/security/advisories/VMSA-2020-0005.html