Vulnerability-Lookup

CNVD-2018-10313

Vulnerability from cnvd - Published: 2018-05-25

Title

VMware Workstation和Fusion拒绝服务漏洞（CNVD-2018-10313）

Description

VMWare Workstation和Fusion都是美国威睿（VMware）公司的桌面虚拟计算机软件，前者提供可以同时运行多个不同的操作系统的虚拟机功能，后者是用于在苹果机（Mac）上运行Windows应用程序的虚拟机软件。 VMware Workstation 14.1.2之前的14.x版本和Fusion 10.1.2之前的10.x版本中存在拒绝服务漏洞。攻击者可利用该漏洞造成gust设备停止服务（空指针逆向引用）。

Severity

中

Patch Name

VMware Workstation和Fusion拒绝服务漏洞（CNVD-2018-10313）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2018-0013.html

Reference

https://securitytracker.com/id/1040957

Impacted products

Name
['VMware Workstation 14.，<14.1.2', 'VMware Fusion 10.，<10.1.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104237"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6963"
    }
  },
  "description": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware Workstation 14.1.2\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.2\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210gust\u8bbe\u5907\u505c\u6b62\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002",
  "discovererName": "Hahna Latonick and Kevin Fujimoto working with Trend Micro\u0027s Zero Day Initiative, and Bruno Botelho (@utxsec).",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2018-0013.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10313",
  "openTime": "2018-05-25",
  "patchDescription": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware Workstation 14.1.2\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.2\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210gust\u8bbe\u5907\u505c\u6b62\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Workstation\u548cFusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-10313\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Workstation 14.*\uff0c\u003c14.1.2",
      "VMware Fusion 10.*\uff0c\u003c10.1.2"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040957",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-23",
  "title": "VMware Workstation\u548cFusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-10313\uff09"
}

CVE-2018-6963 (GCVE-0-2018-6963)

Vulnerability from cvelistv5 – Published: 2018-05-22 13:00 – Updated: 2024-09-16 16:53

Summary

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Severity ?

No CVSS data available.

CWE

Multiple Denial-of-service vulnerabilities

Assigner

vmware

References

URL

Tags

	http://www.securityfocus.com/bid/104237	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040957	vdb-entryx_refsource_SECTRACK
	https://www.vmware.com/security/advisories/VMSA-2…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

VMware

Workstation

Affected: 14.x before 14.1.2

VMware

Fusion

Affected: 10.x before 10.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104237",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104237"
          },
          {
            "name": "1040957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040957"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Workstation",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "14.x before 14.1.2"
            }
          ]
        },
        {
          "product": "Fusion",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "10.x before 10.1.2"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Denial-of-service vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-23T09:57:01.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "104237",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104237"
        },
        {
          "name": "1040957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040957"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-6963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.x before 14.1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fusion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.x before 10.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Denial-of-service vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104237",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104237"
            },
            {
              "name": "1040957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040957"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2018-6963",
    "datePublished": "2018-05-22T13:00:00.000Z",
    "dateReserved": "2018-02-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:53:07.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-10313

CVE-2018-6963 (GCVE-0-2018-6963)

Tags

Sightings

Nomenclature