VMware update prevents host code execution

btw VMWare have a security announce list which you can also subscribe to. You may also search for patches by product from the support pages.

 

Thanks for this ronjor.
Well, well, what a PITA eh.
All the doom sayers must be happy now
Suppose it had to happen
If I may:

Good comment From Blake McNeill ( LinkLogger )

Now we might need all that other 'stuff' for the VM's

 

This is a serious one, but not as serious as it sounds.

If you do not use your guests for specifically testing of malicious code but only for purposes of education, trying new operating systems, trusted-vendor software testing etc, plus if you have win/lin combo as to host/guest, chances of getting the guest to execute something on the host is a remote one.

Mrk

 

I assume that is correct: i cant see anything about new *nix exploits in guest to own host??

Just a great big pita: I suspect most VM users are virtualising Win, at home, one or two VMs, but, especially in biz = big issue as exploit is out and about. Now need to roll out patch.

Can this be used from MS vm to own *nix host ??

 

VMSA-2009-0006.

Code:

 
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    6.5.x     any      6.5.2 build 156735 or later
Workstation    6.0.x     any      upgrade to at least 6.5.2

Player         2.5.x     any      2.5.2 build 156735 or later
Player         2.0.x     any      upgrade to at least 2.5.2
 
ACE            2.5.x     Windows  2.5.2 build 156735 or later
ACE            2.0.      Windows  upgrade to at least 2.5.2
 
Server         2.x       any      2.0.1 build 156745 or later
Server         1.x       any      1.0.9 build 156507 or later
 
Fusion         2.x       Mac OS/X 2.0.4 build 159196 or later
 
ESXi           3.5       ESXi     ESXe350-200904201-O-SG
 
ESX            3.5       ESX      ESX350-200904201-SG
ESX            3.0.3     ESX      ESX303-200904403-SG
ESX            3.0.2     ESX      ESX-1008421
ESX            2.5.5     ESX      not affected

 

Dogbuiscuit: thanks
posted late last night : actually made an edit but somehow got lost

I note the VMWare advisory which looks like any OS running the unpatched VMWare is vulnerable.

Still has to be executed somehow ??
This is a biggie really.
VMWare has gone beyond a threshold where now it is a lucrative target, bet there has been a lot of work somewhere re trying to break through VMs
VMWare seems to be acting promptly which is good.
So much for that lagoon of serenity.

Fumbling around here:
Any info re VM snapshots and rolling back to eradicate this. ??
Is there any exploit loaded into the host OS if an affected VM is wiped ??