Critical VMware bug

Franklin · Feb 25, 2008

Had a look around and don't think this article has been posted?

A critical vulnerability in VMware Inc.'s virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" OS, the company has acknowledged.

As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player and ACE. The company's virtual machine software for Windows servers, and for Mac- and Linux-based hosts, are not at risk.
Click to expand...

Article

dallen · Feb 25, 2008

Disable shared folder capabilities. Problem solved.

EASTER · Feb 25, 2008

Greets again dallen

Good to find you in the forums again and to see you posting if only in brief. Hope all is going well with studies these days.

Regards EASTER

ronjor · Feb 26, 2008

VMware Products Shared Folders Directory Traversal Vulnerability

Critical: Less critical

Impact: Security Bypass
Where: Local system
Solution Status: Unpatched

Software: VMware ACE 1.x
VMWare ACE 2.x
VMware Player 1.x
VMWare Player 2.x
VMware Workstation 5.x
VMware Workstation 6.x
Click to expand...

Secunia

Meriadoc · Feb 26, 2008

Re: VMware Products Shared Folders Directory Traversal Vulnerability

VMware ACE
VMware Player
VMware Workstation

not affected

Server
ESX Server
Linux hosted
Fusion

Workaround - disable shared folders.

kbvmware

Response

By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. In order to exploit this vulnerability, the virtual machine must have the shared folders feature manually enabled and at least one folder configured for sharing between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 6, Player 2, and ACE 2.

Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 5, Player 1, and ACE 1.
The issue affects all currently supported Windows-hosted versions of VMware Workstation, ACE, and Player. The issue does not affect VMware ESX Server or VMware Desktop Infrastructure products. There have been no reports of this issue occurring in customer environments.
Click to expand...

Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.

To disable shared folders in the Global settings:

1.
From the VMware product's menu, choose Edit > Preferences.
2.
In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.

To disable shared folders for the individual virtual machine settings:

1.
From the VMware product's menu, choose VM > Settings.
2.
In the Options tab, select Shared Folders and Disable.
Click to expand...

Peter2150 · Feb 26, 2008

Re: VMware Products Shared Folders Directory Traversal Vulnerability

Good news. Also when I am playing with nasty stuff, I do shadow my host drives with Returnil/SD

Rasheed187 · Feb 26, 2008

Disable shared folder capabilities. Problem solved.
Click to expand...

Exactly, this setting has always been disabled on my system anyway, so nothing scary about this.

Hermescomputers · Feb 26, 2008

dallen said:

Disable shared folder capabilities. Problem solved.
Click to expand...

Problem is one needs to have shared folders to transfer downloads from VM to primary desktop... Not good!
This vulnerability was one in the proving... but was suspected for a long time.

KookyMan · Feb 28, 2008

Hermescomputers said:

Problem is one needs to have shared folders to transfer downloads from VM to primary desktop... Not good!
This vulnerability was one in the proving... but was suspected for a long time.
Click to expand...

Well, you can also use the Drag & Drop to drag files from the VM to the Host, and just disable it when you don't need it.

Mrkvonic · Feb 28, 2008

Hello,
The best way to share is to create a shared directory inside the guest and then connect to it as to any remote machine (ip or hostname). With some firewall rules, it's a true one-direction sharing.
Mrk

Hermescomputers · Feb 28, 2008

Unless you need to run a specific OS for some applications that is specific to it... it's much easier to run sandboxie for me. I have many VM's sitting there unused mostly because I have no need of them anymore... sad for VMWare it used to be one of my favourite tool... (Still is when I need to experiment with a new OS...)

SystemJunkie · Feb 28, 2008

Disable shared folder capabilities. Problem solved.
Click to expand...

If that would be all then everything would be easy but I really doubt.

Peter2150 · Feb 28, 2008

Hermescomputers said:

Unless you need to run a specific OS for some applications that is specific to it... it's much easier to run sandboxie for me. I have many VM's sitting there unused mostly because I have no need of them anymore... sad for VMWare it used to be one of my favourite tool... (Still is when I need to experiment with a new OS...)
Click to expand...

Sandboxie is a great, tool and my number one security app, but it can't replace a VM machine. The potential of a leak, is just a minor issue, and solved by protecting the host, if playing with malware. But I find the uses of the VM machine go so far beyond that.

Pete

Hermescomputers · Feb 28, 2008

Peter2150 said:

Sandboxie is a great, tool and my number one security app, but it can't replace a VM machine. The potential of a leak, is just a minor issue, and solved by protecting the host, if playing with malware. But I find the uses of the VM machine go so far beyond that.

Pete
Click to expand...

Absolutely, just playing around with applications debugging for example a VM is invaluable. Those who do development, or testing of any kind cant live without it...

I really was happy when they made the server free... (Although I was using the workstation myself) as it made the technology available to everyone for Free!

By the way VMWare is having a free meeting coming up in Toronto on 15 July. I will certainly be there...
(They have them all over as well check out for your location date and time)
Here is the sign up site:
http://info.vmware.com/content/Virt...RUM_INV1&ossrc=EM_08Q2_VMW_OTHER_VIFORUM_INV1

Log in or Sign up

Critical VMware bug

Franklin Registered Member

dallen Registered Member

EASTER Registered Member

ronjor Global Moderator

Meriadoc Registered Member

Peter2150 Global Moderator

Rasheed187 Registered Member

Hermescomputers Registered Member

KookyMan Registered Member

Mrkvonic Linux Systems Expert

Hermescomputers Registered Member

SystemJunkie Resident Conspiracy Theorist

Peter2150 Global Moderator

Hermescomputers Registered Member

Log in or Sign up

Critical VMware bug

Franklin Registered Member

dallen Registered Member

EASTER Registered Member

ronjor Global Moderator

Meriadoc Registered Member

Peter2150 Global Moderator

Rasheed187 Registered Member

Hermescomputers Registered Member

KookyMan Registered Member

Mrkvonic Linux Systems Expert

Hermescomputers Registered Member

SystemJunkie Resident Conspiracy Theorist

Peter2150 Global Moderator

Hermescomputers Registered Member

Useful Searches