Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: InfoSec Handlers Diary Blog - VMware Fusion updates to fixes a couple of bugs InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

VMware Fusion updates to fixes a couple of bugs

Published: 2009-10-02
Last Updated: 2009-10-02 18:19:27 UTC
by Stephen Hall (Version: 1)
0 comment(s)

VMWare have informed us that an update is available for their Apple Mac version of their VMWare environment, VMWare Fusion.

The update  fixes a vulnerability found in all versions of VMWare Fusion, so if you use this product, it is time to update. A vulnerability for one of the issues has been published.

The published vulnerability apparently produces a remote shell with root privileges but I have not tested it at this time.

The exploit writer comments:

"The vmx86 kext ioctl handler permits an unprivileged userland program to initialize several function pointers via the 0x802E564A ioctl code. These function pointers are later used from several reachable locations within the driver, one of which is called immediately after initialization."

 

Keywords: fusion vmware
0 comment(s)
Diary Archives