BugTraq
VMWare poor guest isolation design Aug 23 2007 03:22AM
M. Burnett (mb xato net) (2 replies)
Re: VMWare poor guest isolation design Aug 24 2007 09:07PM
Tim Newsham (newsham lava net)
Re: VMWare poor guest isolation design Aug 23 2007 04:49PM
Arthur Corliss (corliss digitalmages com) (6 replies)
RE: VMWare poor guest isolation design Aug 24 2007 06:42PM
Ken Kousky (kkousky ip3inc com)
Re: VMWare poor guest isolation design Aug 24 2007 02:43PM
Matt Richard (matt richard gmail com)
On 8/23/07, Arthur Corliss <corliss (at) digitalmages (dot) com [email concealed]> wrote:
> On Wed, 22 Aug 2007, M. Burnett wrote:
>
> > I have run across a design issue in VMware's scripting automation API that
> > diminishes VM guest/host isolation in such a manner to facilitate privilege
> > escalation, spreading of malware, and compromise of guest operating systems.
> >
>
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
>
> In (not so) short, this attack vector is virtually worthless if reasonable
> security practices are employed.

There are other methods of compromising guests without any
requirements for API's, GUI's, etc -
http://www.mnin.org/write/2006_vmshell_injection.pdf.

--
Matt Richard

[ reply ]
Re: VMWare poor guest isolation design Aug 24 2007 01:06AM
Jonathan Yu (jonathan i yu gmail com) (1 replies)
Re: VMWare poor guest isolation design Aug 24 2007 08:13AM
Arthur Corliss (corliss digitalmages com) (2 replies)
More on VMWare poor guest isolation design Aug 25 2007 01:29AM
M. Burnett (mb xato net) (2 replies)
Re: More on VMWare poor guest isolation design Aug 27 2007 02:37PM
wietse porcupine org (Wietse Venema)
Re: More on VMWare poor guest isolation design Aug 25 2007 07:05PM
Tim Newsham (newsham lava net) (1 replies)
RE: More on VMWare poor guest isolation design Aug 27 2007 05:51PM
M. Burnett (mb xato net) (2 replies)
RE: More on VMWare poor guest isolation design Aug 28 2007 06:49AM
Arthur Corliss (corliss digitalmages com)
RE: More on VMWare poor guest isolation design Aug 27 2007 11:36PM
Tim Newsham (newsham lava net)
Re: VMWare poor guest isolation design Aug 24 2007 01:51PM
Jonathan Yu (jonathan i yu gmail com)
RE: VMWare poor guest isolation design Aug 23 2007 10:40PM
James C. Slora Jr. (james slora phra com)
RE: VMWare poor guest isolation design Aug 23 2007 08:46PM
William Holmberg (wholmberg amdpi com) (1 replies)
RE: VMWare poor guest isolation design Aug 24 2007 07:16AM
Arthur Corliss (corliss digitalmages com)
RE: VMWare poor guest isolation design Aug 23 2007 08:30PM
M. Burnett (mb xato net) (1 replies)
RE: VMWare poor guest isolation design Aug 24 2007 07:50AM
Arthur Corliss (corliss digitalmages com)


 

Privacy Statement
Copyright 2010, SecurityFocus