Critical VMware bug

Discussion in 'other security issues & news' started by Franklin, Feb 25, 2008.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Had a look around and don't think this article has been posted?
    Article
     
  2. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Disable shared folder capabilities. Problem solved.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Greets again dallen

    Good to find you in the forums again and to see you posting if only in brief. Hope all is going well with studies these days.

    Regards EASTER
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    VMware Products Shared Folders Directory Traversal Vulnerability

    Secunia
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: VMware Products Shared Folders Directory Traversal Vulnerability

    VMware ACE
    VMware Player
    VMware Workstation

    not affected

    Server
    ESX Server
    Linux hosted
    Fusion

    Workaround - disable shared folders.

    kbvmware

     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Re: VMware Products Shared Folders Directory Traversal Vulnerability

    Good news. Also when I am playing with nasty stuff, I do shadow my host drives with Returnil/SD
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Exactly, this setting has always been disabled on my system anyway, so nothing scary about this. :rolleyes:
     
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Problem is one needs to have shared folders to transfer downloads from VM to primary desktop... Not good!
    This vulnerability was one in the proving... but was suspected for a long time.
     
  9. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Well, you can also use the Drag & Drop to drag files from the VM to the Host, and just disable it when you don't need it.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    The best way to share is to create a shared directory inside the guest and then connect to it as to any remote machine (ip or hostname). With some firewall rules, it's a true one-direction sharing.
    Mrk
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Unless you need to run a specific OS for some applications that is specific to it... it's much easier to run sandboxie for me. I have many VM's sitting there unused mostly because I have no need of them anymore... sad for VMWare it used to be one of my favourite tool... (Still is when I need to experiment with a new OS...)
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    If that would be all then everything would be easy but I really doubt.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Sandboxie is a great, tool and my number one security app, but it can't replace a VM machine. The potential of a leak, is just a minor issue, and solved by protecting the host, if playing with malware. But I find the uses of the VM machine go so far beyond that.

    Pete
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Absolutely, just playing around with applications debugging for example a VM is invaluable. Those who do development, or testing of any kind cant live without it...

    I really was happy when they made the server free... (Although I was using the workstation myself) as it made the technology available to everyone for Free!

    By the way VMWare is having a free meeting coming up in Toronto on 15 July. I will certainly be there...
    (They have them all over as well check out for your location date and time)
    Here is the sign up site:
    http://info.vmware.com/content/Virt...RUM_INV1&ossrc=EM_08Q2_VMW_OTHER_VIFORUM_INV1
     
Loading...
Thread Status:
Not open for further replies.