VMware update prevents host code execution

[ronjor]

Quote:

VMware has released security updates for its hosted products to patch a critical vulnerability that allowed a guest operating system to execute code on its host.

Story

[Meriadoc]

btw VMWare have a security announce list which you can also subscribe to. You may also search for patches by product from the support pages.

[Longboard]

Thanks for this ronjor.
Well, well, what a PITA eh.
All the doom sayers must be happy now
Suppose it had to happen
If I may:

Quote:

Not Vulnerable:
VMWare Workstation 6.5.2
VMWare Server 2.0.1
VMWare Server 1.0.9
VMWare Player 2.5.2
VMWare Fusion 2.0.4
VMWare ACE 2.5.2

Vulnerable:
VMWare Workstation 6.5.1
VMWare Workstation 6.5 build 118166
VMWare Workstation 6.0.5 build 109488
VMWare Workstation 6.0.5
VMWare Workstation 6.0.4 build 93057
VMWare Workstation 6.0.4
VMWare Workstation 6.0.3 Build 80004
VMWare Workstation 6.0.3
VMWare Workstation 6.0.2
VMWare Workstation 6.0.1
VMWare Workstation 6.0
VMWare Workstation 6.0.0.45731
VMWare Server 1.0.8 build 126538
VMWare Server 1.0.8
VMWare Server 1.0.7 build 108231
VMWare Server 1.0.7
VMWare Server 1.0.6 build 91891
VMWare Server 1.0.6
VMWare Server 1.0.5 Build 80187
VMWare Server 1.0.5
VMWare Server 1.0.4
VMWare Server 1.0.3
VMWare Server 1.0.2
VMWare Server 2.0
VMWare Player 2.5.1
VMWare Player 2.5 build 118166
VMWare Player 2.0.5 build 109488
VMWare Player 2.0.5
VMWare Player 2.0.4 build 93057
VMWare Player 2.0.4
VMWare Player 2.0.3 Build 80004
VMWare Player 2.0.2
VMWare Player 2.0.1
VMWare Player 2.0
VMWare Fusion 2.0.3
VMWare Fusion 2
VMWare ESXi Server 3.5
VMWare ESX Server 3.0.3
VMWare ESX Server 3.0.2
VMWare ESX Server 3.5
VMWare ACE 2.5.1
VMWare ACE 2.5 build 118166
VMWare ACE 2.0.5 build 109488
VMWare ACE 2.0.5
VMWare ACE 2.0.3
VMWare ACE 2.0.2 build 93057
VMWare ACE 2.0.2
VMWare ACE 2.0.1
VMWare ACE 2.0

Good comment From Blake McNeill ( LinkLogger )

Quote:

This is very very interesting as it proves once again that hackers are a very creative, well most hackers are idiots, but there are a few very bright ones and that is all it takes. One of virtualization's biggest claims was security and a number of us use it for security investigations of malware because of that (really we like having an endless supply of disposable systems we can screw up, gut and then toss), and so this exploit proves that hackers can find exploits in difficult places where exploits aren't suppose to be. I'll go so far as given the first crack has been found in the dam, that this isn't the last vulnerability that will be found and likely we will see a string of them over the near future (sometimes just knowing something is possible is the challenge).
Keep your VM's patched as the virtual systems for security reason claim has its first glitch and likely not its last.

Now we might need all that other 'stuff' for the VM's

[Mrkvonic]

This is a serious one, but not as serious as it sounds.

If you do not use your guests for specifically testing of malicious code but only for purposes of education, trying new operating systems, trusted-vendor software testing etc, plus if you have win/lin combo as to host/guest, chances of getting the guest to execute something on the host is a remote one.

Mrk

[Longboard]

Quote:

plus if you have win/lin combo as to host/guest, chances of getting the guest to execute something on the host is a remote one.

I assume that is correct: i cant see anything about new *nix exploits in guest to own host??

Just a great big pita: I suspect most VM users are virtualising Win, at home, one or two VMs, but, especially in biz = big issue as exploit is out and about. Now need to roll out patch.

Can this be used from MS vm to own *nix host ??

[Peter2150]

Not to big an issue here, already update to 6.5.2

As to the comment about needing "all the other stuff" I have the same configuration on my VM's as the host. That way if I do test new software, it's as close to the host as possible.

Also if playing with malware, I always shadow all my disk drives with ShadowDefender, just in case there happens to be a leak.

Pete

[Dogbiscuit]

Quote:

Originally Posted by Longboard

Can this be used from MS vm to own *nix host ??

Hhmm: Is it truly a VM vulnerability or an MS soft spot ??

VMSA-2009-0006.

Code:

 
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    6.5.x     any      6.5.2 build 156735 or later
Workstation    6.0.x     any      upgrade to at least 6.5.2

Player         2.5.x     any      2.5.2 build 156735 or later
Player         2.0.x     any      upgrade to at least 2.5.2
 
ACE            2.5.x     Windows  2.5.2 build 156735 or later
ACE            2.0.      Windows  upgrade to at least 2.5.2
 
Server         2.x       any      2.0.1 build 156745 or later
Server         1.x       any      1.0.9 build 156507 or later
 
Fusion         2.x       Mac OS/X 2.0.4 build 159196 or later
 
ESXi           3.5       ESXi     ESXe350-200904201-O-SG
 
ESX            3.5       ESX      ESX350-200904201-SG
ESX            3.0.3     ESX      ESX303-200904403-SG
ESX            3.0.2     ESX      ESX-1008421
ESX            2.5.5     ESX      not affected

[Longboard]

Dogbuiscuit: thanks
posted late last night : actually made an edit but somehow got lost

I note the VMWare advisory which looks like any OS running the unpatched VMWare is vulnerable.

Still has to be executed somehow ??
This is a biggie really.
VMWare has gone beyond a threshold where now it is a lucrative target, bet there has been a lot of work somewhere re trying to break through VMs
VMWare seems to be acting promptly which is good.
So much for that lagoon of serenity.

Fumbling around here:
Any info re VM snapshots and rolling back to eradicate this. ??
Is there any exploit loaded into the host OS if an affected VM is wiped ??