{"id":8161,"date":"2020-12-13T01:01:00","date_gmt":"2020-12-12T21:31:00","guid":{"rendered":"https:\/\/www.apk.co.ir\/security\/?p=8161"},"modified":"2021-04-24T16:25:52","modified_gmt":"2021-04-24T11:55:52","slug":"fix-use-after-free-vulnerabilities-in-esxi-hypervisor","status":"publish","type":"manual_kb","link":"https:\/\/www.apk.co.ir\/kb\/fix-use-after-free-vulnerabilities-in-esxi-hypervisor\/","title":{"rendered":"\u0631\u0641\u0639 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc Use-After-Free \u062f\u0631 ESXi Hypervisor"},"content":{"rendered":"\n

\u062f\u0631 \u0686\u0627\u0644\u0634 hacking Tiunfu Cup \u062f\u0631 \u0686\u06cc\u0646\u060c \u062a\u06cc\u0645 \u0627\u0645\u0646\u06cc\u062a Vmware \u0627\u06cc\u0631\u0627\u062f\u0647\u0627\u06cc\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0648 \u0645\u0647\u0645 \u062f\u0631 ESXi Hypervisor \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0622\u0646 \u062f\u0631 ESXi Hypervisor<\/a> \u062a\u0631\u062a\u06cc\u0628 \u062f\u0627\u062f\u0646\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Use-After-Free (CVE-2020-4004) \u062f\u0627\u0631\u0627\u06cc \u0627\u0645\u062a\u06cc\u0627\u0632\u060c 9\/3 \u0627\u0632 10 \u0627\u0633\u062a \u0648 \u0627\u06cc\u0646 \u06cc\u0639\u0646\u06cc \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0645\u062d\u0633\u0648\u0628 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u062f\u0631 USB Controller\u06cc \u0627\u0632 ESXi\u060c \u0628\u0647 \u0646\u0627\u0645 eXtensible Host Controller Interface \u06cc\u0627 xHCI \u06cc\u0627\u0641\u062a \u0634\u062f\u0647 \u0627\u0633\u062a. \u062f\u0631 \u0636\u0645\u0646 xHCI \u06cc\u06a9\u06cc \u0627\u0632 \u0645\u0634\u062e\u0635\u0627\u062a Interface \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0635\u06cc\u0641 \u06cc\u06a9 Host Controller \u0631\u0627 \u0628\u0631\u0627\u06cc USB \u062f\u0631 \u0633\u0637\u062d Register \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n\n\n\n

\u0646\u062d\u0648\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f <\/strong>Virtual Machine Executable<\/strong><\/strong><\/h3>\n\n\n\n

VMware \u0627\u0639\u0644\u0627\u0645 \u06a9\u0631\u062f\u060c \u06cc\u06a9 \u0639\u0627\u0645\u0644 \u0645\u062e\u0631\u0628 \u0628\u0627 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u062f\u0645\u06cc\u0646 Local \u0631\u0648\u06cc \u06cc\u06a9 \u0645\u0627\u0634\u06cc\u0646 \u0645\u062c\u0627\u0632\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 Exploit \u06a9\u0646\u062f. \u0633\u067e\u0633 \u062f\u0631\u062d\u0627\u0644\u06cc\u200c\u06a9\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f Virtual Machine Executable \u06cc\u0627 VMX\u060c \u0631\u0648\u06cc Host \u062f\u0631\u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0627\u0633\u062a\u060c \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u06a9\u062f \u062e\u0648\u062f \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f. \u0641\u0631\u0627\u06cc\u0646\u062f VMX \u062f\u0631 VMkernel \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u0645\u0633\u0626\u0648\u0644 \u0631\u0633\u06cc\u062f\u06af\u06cc I\/O \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u062d\u06cc\u0627\u062a\u06cc \u0646\u06cc\u0633\u062a\u0646\u062f.<\/p>\n\n\n\n

<\/p>\n\n\n\n