The opinions expressed herein are entirely my own and do not represent the opinions of any other entity with which I am affiliated. Opinions expressed in comments and trackbacks are those of their respective authors and do not necessarily reflect my own point of view.
All works are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
© Copyright 2006-2009 MalwareTeks
Products:
VMware ACE
VMware Player
VMware Workstation
Details:
Summary
On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations.
Relevant Releases
Windows hosted versions of:
Note: The following VMware products are not affected:
Problem Description
The following description is from the Core Security Technologies advisory at http://www.coresecurity.com/?action=item&id=2129:
To improve user inter-operation with virtualized systems VMware’s software implements a number of inter-system communication features. The Shared Folder mechanism is one of such feature.
VMware’s shared folders allow users to transfer data between a virtualized system (Guest) and the non-virtualized Host system that contains it. This form of data transfer is available to users of the Guest system through read and write access to filesystem folders shared by both Guest and Host systems. To maintain effective isolation between Guest and Host systems, this mechanism should limit access from the Guest only to the Host system’s folders that are selected for sharing with the virtualized guests.
A vulnerability was found in VMware’s shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it.
Solution:
Response
By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. In order to exploit this vulnerability, the virtual machine must have the shared folders feature manually enabled and at least one folder configured for sharing between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 6, Player 2, and ACE 2.
Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 5, Player 1, and ACE 1.
The issue affects all currently supported Windows-hosted versions of VMware Workstation, ACE, and Player. The issue does not affect VMware ESX Server or VMware Desktop Infrastructure products. There have been no reports of this issue occurring in customer environments.
Workaround
Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.
To disable shared folders in the Global settings:
To disable shared folders for the individual virtual machine settings:
References
Note: Some links might not be available until 2/25/2008.
Product Versions:
VMware ACE 1.0.x
VMware ACE 2.0.x
VMware Player 1.0.x (Windows Hosts)
VMware Player 2.0.x (Windows Hosts)
VMware Workstation 5.0.x (Windows hosts)
VMware Workstation 5.5.x (Windows hosts)
VMware Workstation 6.0.x (Windows Hosts)
Comment Meta:
XHTML:
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Previous: 
Next: 
Last 50 Posts 
Back