{"id":8124,"date":"2024-06-19T11:27:52","date_gmt":"2024-06-19T08:27:52","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=8124"},"modified":"2024-07-21T10:40:53","modified_gmt":"2024-07-21T07:40:53","slug":"093-vmware-vcenter-guncellemesi-heap-overflow","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/093-vmware-vcenter-guncellemesi-heap-overflow\/","title":{"rendered":"093 &#8211; VMware vCenter Server Updates: (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)"},"content":{"rendered":"<h2><span class=\"ez-toc-section\" id=\"Giris\"><\/span>Introduction<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>VMware is a leading technology company that provides cloud computing and <a href=\"https:\/\/sunucucozumleri.com\/blog\/sunucu-sanallastirma-teknolojileri-avantajlari-ve-kullanim-alanlari\/\">virtualization<\/a> solutions. vCenter Server, one of the company&#8217;s most important products, provides centralized management of the virtual infrastructure in VMware environments. However, like any software, vCenter Server can be affected by security vulnerabilities from time to time. 
In this article, we focus on the three critical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) addressed by the recently announced VMSA-2024-0012 security update.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-8126 aligncenter\" src=\"https:\/\/sunucucozumleri.com\/wp-content\/uploads\/2024\/06\/CVE-2024-37079-CVE-2024-37080-CVE-2024-37081-300x300.webp\" alt=\"CVE-2024-37079, CVE-2024-37080, CVE-2024-37081\" width=\"440\" height=\"440\" title=\"\" srcset=\"\/\/sunucucozumleri.com\/blog\/wp-content\/uploads\/2024\/06\/CVE-2024-37079-CVE-2024-37080-CVE-2024-37081-300x300.webp 300w, \/\/sunucucozumleri.com\/blog\/wp-content\/uploads\/2024\/06\/CVE-2024-37079-CVE-2024-37080-CVE-2024-37081-150x150.webp 150w, \/\/sunucucozumleri.com\/blog\/wp-content\/uploads\/2024\/06\/CVE-2024-37079-CVE-2024-37080-CVE-2024-37081.webp 1024w\" sizes=\"(max-width: 440px) 100vw, 440px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2024-37079_Heap-Overflow_Guvenlik_Acigi\"><\/span>CVE-2024-37079: Heap-Overflow Vulnerability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A heap overflow is a type of software vulnerability that usually results from memory management errors. CVE-2024-37079 refers to a heap-overflow flaw in vCenter Server. 
This type of flaw allows attackers to gain unauthorized access to memory and potentially execute malicious code.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Detaylar\"><\/span>Details<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Affected Area<\/strong>: This vulnerability resides in a specific module of vCenter Server and can be exploited remotely by attackers.<\/li>\n<li><strong>Impact<\/strong>: After a successful exploit, an attacker can execute code on vCenter Server and gain full privileges.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Korunma_Yollari\"><\/span>Protection Measures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Apply the update released by VMware immediately.<\/li>\n<li>Restrict external access using network firewalls and intrusion detection systems.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2024-37080_Yetki_Yukseltme_Guvenlik_Acigi\"><\/span>CVE-2024-37080: Privilege Escalation Vulnerability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Privilege escalation vulnerabilities allow attackers to move from low-privileged accounts to higher-privileged ones. 
CVE-2024-37080 creates an opportunity for privilege escalation on vCenter Server.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Detaylar-2\"><\/span>Details<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Affected Area<\/strong>: A flaw that manipulates the privilege levels of user accounts.<\/li>\n<li><strong>Impact<\/strong>: After logging in with a low-privileged account, an attacker can obtain administrator rights.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Korunma_Yollari-2\"><\/span>Protection Measures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Apply the updates immediately to upgrade the software to the latest version.<\/li>\n<li>Review user accounts regularly and remove unnecessary elevated privileges.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"CVE-2024-37081_Yetki_Yukseltme_Guvenlik_Acigi\"><\/span>CVE-2024-37081: Privilege Escalation Vulnerability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This vulnerability is also a privilege escalation issue. 
CVE-2024-37081 indicates a critical weakness in vCenter Server and makes it easier for attackers to obtain administrator rights.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Detaylar-3\"><\/span>Details<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Affected Area<\/strong>: A flaw in the privilege management and user authentication processes.<\/li>\n<li><strong>Impact<\/strong>: An attacker can gain full control of the system.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Korunma_Yollari-3\"><\/span>Protection Measures<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Apply the updates recommended by VMware.<\/li>\n<li>Use security solutions to monitor user activity and detect anomalous behavior.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Sonuc\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>VMware vCenter Server is a critical IT infrastructure management tool and can be susceptible to security vulnerabilities. CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081 are weaknesses that can have serious consequences. To protect against vulnerabilities of this kind, it is vital to apply the updates released by VMware immediately and to take general security measures.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction VMware is a leading technology company that provides cloud computing and virtualization solutions. 
vCenter Server, one of the company&#8217;s most important products, provides centralized management of the virtual infrastructure in VMware environments. However, like any software, vCenter Server can be affected by security vulnerabilities from time to time. In this article, addressed by the recently announced VMSA-2024-0012 security update, the three critical security &hellip;<\/p>\n","protected":false},"author":12,"featured_media":8125,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[14],"tags":[],"class_list":["post-8124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/8124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=8124"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/8124\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/8125"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=8124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=8124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=8124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}