Critical VMware Vulnerability, Exploit Released
BaCa writes "Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software. It involves directory traversal using VMware's shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability."
Limited issue (Score:3, Interesting)
But, this isn't a very big deal.
Doesn't affect Server (Score:2, Interesting)
Re:Exploit code released? (Score:5, Interesting)
One day a nice whitehat sent an e-mail to all@.com describing that he had found a buffer overflow in our CGI binary that could be exploited in order to get shell access with the permissions of whatever user the webserver was running as. He told us exactly how to exploit it but he did not provide any kind of proof-of-concept code.
Well, the main developer and maintainer of the CGI program (an extremely experienced and talented programmer who is, to this day, still one of the programmers that I look up to the most - for reasons other than what I am about to describe obviously) assured everyone in the company that exploiting such a programming error would be soooooo incredibly difficult that it was a complete non-issue.
Based on his assurances the whitehat was ignored and customers were never notified of the problem and many of them went on running a vulnerable application.
I tried explaining to everyone that buffer overflows in services were exploited all the time to gain remote access but I was a junior level programmer at the time and was ignored.
I imagine that had the whitehat provided us with exploit code that we could use to actually test the problem ourselves and demonstrate it to the "non-believers" then the seriousness of the problem would have been forced and the issues would have gotten a lot more attention.
Anyway, of course Core could have provided the code to VMware only, but the basic idea is that with exploit code in the wild it gives an extra push to get VMware to fix the problem quickly.
Parallels Desktop has a similar problem... (Score:5, Interesting)
As far as I know that's still in there, for both drag-and-drop and, if I recall correctly, for their "Coherence" mode where the Windows run in a pseudo-multi-window mode integrated to the Mac user interface.
Re:Duh? (Score:3, Interesting)
No, this is an example of a poor implementation of shared folders. This does not invalidate the use of virtual machines as a security mechanism. However, I will repeat what I said before on this subject: Virtualization solves an availability problem not a security problem.
He was lambasted for creating a controversy that didn't exist just so that he would be mentioned in the press. Theo, is that you?
Re:Limited issue (Score:2, Interesting)
I think VMware Shared Folders have a valid purpose, and the implementation isn't all bad. Having them as a virtual network share, I like. The problem with any feature, useful or not, is that some half-breed is going to misuse it to the extreme. That imbecile will get owned and blame the software because there's no possible way he could have made a stupid mistake.
I think such fools should be put on display. The idiot who used Shared Folders in a production environment needs to be hung out to dry and hopefully fired from his job because clearly he does not understand the finer intricacies of operating a networked computer.
Me, I like Shared Folders. They're handy on the few occasions when I actually use them. I would rather see people quit screaming over this exploit, wait a day for a fix to be released (VMware's pretty decent on important updates), then carry on with their lives. Let's be honest here: Shared Folders are not something every user needs on a constant basis. There are a bunch of people who use VMware on servers, where these folders matter not. There's another bunch like myself who run a ton of virtualized OSes for compatibility testing. Lastly, there's a handful of idiots who don't really know what they're doing, they just know their title and salary and are extremely good at putting the blame on others to protect that title and salary.