Security

Critical VMware Vulnerability, Exploit Released

BaCa writes "Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software. It involves directory traversal using VMware's shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability."

  • Limited issue (Score:3, Interesting)

    by nhtshot ( 198470 ) on Thursday February 28, 2008 @03:45PM (#22591936)
    It only affects the desktop systems. Interesting to see vulnerabilities finally start cropping up in the panacea virtualization techs.

    But, this isn't a very big deal.
  • Doesn't affect Server (Score:2, Interesting)

    by quo_vadis ( 889902 ) on Thursday February 28, 2008 @03:58PM (#22592132) Journal
    This doesn't affect VMWare server though, which most people use in home settings (given that it is free)
  • by garett_spencley ( 193892 ) on Thursday February 28, 2008 @04:31PM (#22592510) Journal
    About 8 years ago I was working at a dot-bomb that produced an "Intranet" solution. We weren't a huge company but we did have customers who deployed our product on their production web servers, as well we offered a "hosted" solution where we hosted the virtual desktop solution on our own servers.

    One day a nice whitehat sent an e-mail to all@.com describing that he had found a buffer overflow in our CGI binary that could be exploited in order to get shell access with the permissions of whatever user the webserver was running as. He told us exactly how to exploit it but he did not provide any kind of proof-of-concept code.

    Well, the main developer and maintainer of the CGI program (an extremely experienced and talented programmer who is, to this day, still one of the programmers that I look up to the most - for reasons other than what I am about to describe obviously) assured everyone in the company that exploiting such a programming error would be soooooo incredibly difficult that it was a complete non-issue.

    Based on his assurances the whitehat was ignored and customers were never notified of the problem and many of them went on running a vulnerable application.

    I tried explaining to everyone that buffer overflows in services were exploited all the time to gain remote access but I was a junior level programmer at the time and was ignored.

    I imagine that had the whitehat provided us with exploit code that we could use to actually test the problem ourselves and demonstrate it to the "non-believers" then the seriousness of the problem would have been forced and the issues would have gotten a lot more attention.

    Anyway, of course Core could have provided the code to VMWare only, but the basic idea is that with exploit code in the wild it gives an extra push to get VMWare to fix the problem quickly.
  • In Beta they enabled their full drag and drop by default, but turned it off-by-default after a storm of protest on the Parallels forums. The reason for the protest is that they implemented the ability to do Mac-Windows drag and drop everywhere (instead of just to and from the Windows desktop) by creating a special magic UNC path that provided full local-user access to the root of the OS X file system.

    As far as I know that's still in there, for both drag-and-drop and, if I recall correctly, for their "Coherence" mode where the Windows run in a pseudo-multi-window mode integrated to the Mac user interface.
  • Re:Duh? (Score:3, Interesting)

    by Bill_the_Engineer ( 772575 ) on Thursday February 28, 2008 @07:51PM (#22594934)

    This is a great example of how virtual machines can actually reduce security

    No, this is an example of a poor implementation of shared folders. This does not invalidate the use of virtual machines as a security mechanism. However, I will repeat what I said before on this subject: Virtualization solves an availability problem not a security problem.

    (something that Theo de Raadt said not that long ago, and was lambasted for.)

    He was lambasted for creating a controversy that didn't exist just so that he would be mentioned in the press. Theo, is that you?

  • Re:Limited issue (Score:2, Interesting)

    by billcopc ( 196330 ) <vrillco@yahoo.com> on Thursday February 28, 2008 @09:51PM (#22595914) Homepage
    Actually, I have a differing opinion.

    I think VMware Shared Folders have a valid purpose, and the implementation isn't all bad. Having them as a virtual network share, I like. The problem with any feature, useful or not, is that some half-breed is going to misuse it to the extreme. That imbecile will get owned and blame the software because there's no possible way he could have made a stupid mistake.

    I think such fools should be put on display. The idiot who used Shared Folders in a production environment, needs to be hung out to dry and hopefully fired from his job because clearly he does not understand the finer intricacies of operating a networked computer.

    Me, I like Shared Folders. They're handy on the few occasions when I actually use them. I would rather see people quit screaming over this exploit, wait a day for a fix to be released (VMware's pretty decent on important updates), then carry on with their lives. Let's be honest here: Shared Folders are not something every user needs on a constant basis. There are a bunch of people who use VMware on servers, where these folders matter not. There's another bunch like myself who run a ton of virtualized OS'es for compatibility testing. Lastly, there's a handful of idiots who don't really know what they're doing, they just know their title and salary and are extremely good at putting the blame on others to protect that title and salary.
