Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
VMWare flaw allows guests to break out
Published: 2008-02-25

A vulnerability in VMWare's popular virtual-machine software gives attackers the ability to use a virtual machine to compromise the host operating system, if the system's owner has set up a shared folder to exchange data.

The attack, disclosed in an advisory published by security firm Core Security Technologies on Monday, takes advantage of an error in the way the path name is handled by VMWare when providing the shared-folder features. Shared folders are not enabled by default in VMWare Workstation 6, VMWare Player 2 or VMWare ACE 2. Sharing data between the host and guest operating systems is common, however.

"Exploitation of (this) vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it," Core Security stated in its advisory. "Successful exploitation requires that the Shared Folder's feature to be enabled which is the default on VMware products that have the feature AND at least one folder of the Host system is configured for sharing."

Virtual machines continue to be considered a way to add security to otherwise insecure operating systems, though the security benefit of running operating systems in a software sandbox has increasingly been questioned. Some security researchers have maintained that a small software shim, or hypervisor, could be inserted between the guest and host operating systems, invisibly compromising the system. Microsoft and other companies have used virtual machines to create a multitude of client-side honeypots, or honeymonkeys, to check out potentially dangerous Web sites.

VMWare is working on a patch for the latest issue. VMWare ESX and Linux-hosted VMWare products are not affected by the flaws, the company stated in its advisory.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus