BugTraq
Vm ware 0day dos exploit by n00b. Jun 18 2006 01:02PM
co296 aol com (2 replies)
Re: Vm ware 0day dos exploit by n00b. Jun 20 2006 03:32AM
Eliah Kagan (degeneracypressure gmail com)
Re: Vm ware 0day dos exploit by n00b. Jun 20 2006 02:59AM
Paul Szabo (psz maths usyd edu au)
co296 (at) aol (dot) com [email concealed] wrote:

> ... in vmware user's .vmx file ... we change ...
> ide1:0.fileName = AAAAA... it will cause a d0s ...

I am confused: cannot you cause such a problem with any invalid filename?
Where is the attack, if you had to have write access to the user's file?
Can you have code execution (shellcode in that name, for VMware on UNIX
where bits of it run as root)?

Cheers,

Paul Szabo psz (at) maths.usyd.edu (dot) au [email concealed] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus