Security

Critical VMware Vulnerability, Exploit Released 104

BaCa writes "Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software. It involves directory traversal using VMware's shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability."

  • by Mostly a lurker ( 634878 ) on Thursday February 28, 2008 @03:46PM (#22591950)
    I have played with the shared folder feature, but never saw any real advantage over just using standard networking (SMB, NFS, etc.). Is there some advantage to VMware's shared folder feature that I am too blind to see?
  • by vux984 ( 928602 ) on Thursday February 28, 2008 @04:03PM (#22592202)
    serious, even critical flaw, but still not -that- bad. A short term workaround involves turning off the file sharing feature.

    And really, if you are running vmware for high security and server isolation you would NEVER have that on anyway. Because the existence of a shared folder is implicitly not isolation.

    And the value in vmware is not 'high security' but 'high utilisation'. The ability to run multiple low load systems on one hardware platform, while not having to worry about package dependency, compatibility, or even that they run on the same OS. And the ease with which you can move one virtualized 'server' to another hardware instance, and other server management conveniences.

    VMWare as a security mechanism? It's pretty good I suppose. In theory you can approach the same level of security you would have by using separate boxes for the servers. But that's it... you can only approach, you're never going to reach parity, and you certainly aren't going to exceed it.

    So VMWare is a security tradeoff... you trade a bit of security for better cash, space, and cpu utilisation.

    That said, VMware security is quite good. It's a much smaller attack surface than, say, a chroot jail. But there is still an attack surface. If you want the highest possible security, dedicated hardware behind a firewall is, was, and probably always will be the best solution.

    In closing, I'm sure we'll see a proper fix for this in short order.
  • by dominux ( 731134 ) on Thursday February 28, 2008 @04:14PM (#22592324) Homepage
    You have one CPU and you are asking it to both encrypt and decrypt a stream which can't be sniffed on the wire because it isn't going on the wire. I guess it is less silly on dual core or more where you could be encrypting on one core and decrypting on another. Either way it doesn't sound particularly efficient. That said, if it is fast enough and you are familiar with it as a tool then please carry on.
  • Re:Limited issue (Score:5, Insightful)

    by Brian Gordon ( 987471 ) on Thursday February 28, 2008 @04:46PM (#22592652)
    Anyone using Shared Folders is just asking for trouble anyway.. any sort of production setup will have a proper virtual network.
