I don't know how many of you work with VMware, but I have to thank Ed Skoudis for turning me on to virtualization in one of his classes long ago. Since that time, I have been using it as an invaluable tool for incident handling and testing patches and vulnerabilities. So, I found it interesting to see the VMware security advisory VMSA-2008-0008 sent from fellow handler Jim Clausing. Security Focus is reporting that there are no exploits in the wild at this time. These security vulnerabilities have been addressed in the newest releases of VMware's hosted product line. The advisory affects the following products:
VMware Host Guest File System (HGFS) shared folders
Secondly, this feature allows users to transfer data between a guest operating system and the non-virtualized host operating system that contains it. The vulnerability is a heap buffer overflow. Exploitation of this flaw might allow an unprivileged guest process to execute code in the context of the vmx process on the host. In order to exploit this vulnerability, the VMware system must have at least 1 folder shared. One good thing about this vulnerability is that if you are using the default setting, you are not vulnerable. The vulnerability only applies if you have changed the settings to share folders. VMware Server, ESX and ESXi do not provide the shared folders feature so they are not vulnerable.
Jun 1st 2008
1 decade ago