Real Holes in Virtual Machines

Discussion in 'other security issues & news' started by ronjor, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,199
    Location:
    Texas
    Article
     
    ronjor, Apr 23, 2007
    #1
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Buffer overruns. It seems to be the primary weakness in sandboxing in general. I still haven't sink in the concept though.
     
    Pedro, Apr 23, 2007
    #2
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Okay ... but again, PoC ... Easier said than done.
    Mrk
     
    Mrkvonic, Apr 24, 2007
    #3
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, this is no surprise, let´s hope that it´s fixed by the vendors. However, if you look at which vulnerabilities where found in VMWare they didn´t look super scary to me (malware would have to be real advanced to exploit it I think), and I had expected to see more holes. Btw, what´s this CWSandbox thing about?
     
    Rasheed187, May 14, 2007
    #4
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The other factor that comes into play is why mess around trying to do someting exotic to bypass the relatively few vm machines, when you can do something simple and snag thousands of still unprotected machines.
     
    Peter2150, May 14, 2007
    #5
  6. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    flinchlock, May 14, 2007
    #6
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    You took the words right outta my mouth Pete although enterprise hardware turnover is contributing in making virtual machines increase every year!
    As for VMWare, the few holes over the years have been plugged reletivly quickly and only really served to disrupt the VMs until VMWares other features come into play and update the VM, other holes are POC. Good recommendations there in the pdf of disabling unnecessary modules and stuff you just don't need, keeping software upto date, privileges and taking advantage of BSD systems.

    EDIT wait a minute, Pete your in blue when did this happen :)
     
    Last edited: May 14, 2007
    Meriadoc, May 14, 2007
    #7
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sunday. It was cold and I turned blue:D
     
    Peter2150, May 14, 2007
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...