Virtualization Technology News and Information
Article
RSS
VMware Security Advisories Posted

Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues

Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line.  Relevant releases include VMware Workstation 6.0.3 and earlier, VMware Player 2.0.3 and earlier, VMware ACE 2.0.3 and earlier, VMware Fusion 1.1.1 and earlier.

Users of VMware hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x should note that although they are not vulnerable to these issue, they will reach their end of general support on 2008-11-09.  Customers should plan to upgrade to the latest version of their respective products.

VMware HGFS File System Heap Overflow - The VMware Host Guest File System (HGFS) shared folders feature allows users to transfer data between a guest operating system and the non-virtualized host operating system that contains it.  A heap buffer overflow condition is present in VMware HGFS. Exploitation of this flaw might allow an unprivileged guest process to execute code in the context of the vmx process on the host.  In order to exploit this vulnerability, the VMware system must have at least one folder shared. Two things must happen for a folder to be shared. 1) Shared folders must be enabled, and 2) a folder must be selected from the host system to be shared. No folders are shared by default in any version of our products, which means this vulnerability is not exploitable by default. Workstation 6.x, Player 2.x, and ACE 2.x have shared folders disabled by default.  VMware Server, ESX and ESXi do not provide the shared folders feature. Because there is no back-end for the HGFS protocol on the virtualization host, these products are architecturally immune to this issue.  This issue might not be exploitable on host operating systems which have implemented heap protection.  VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and exposures project (cve.mitre.org) has assigned the name CVE-2008-2098 to this issue.

Windows based VMCI arbitrary code execution vulnerability - VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, and VMware ACE 2.0. It is an experimental, optional feature that allows virtual machines to communicate with one another. With VMCI enabled a guest may execute arbitrary code in the context of the vmx process on the host. This is a compiler dependent vulnerability and only affects systems running on windows hosts. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2099 to this issues.

Check out VMSA-2008-0008, and find out more information by going to VMware's Web site.

Published Sunday, June 01, 2008 9:38 AM by David Marshall
Filed under:
Comments
VMware Patches Security Vulnerabilities In Multiple Product Lines | Virtualization.com - (Author's Link) - June 1, 2008 4:15 PM
Virtual Enthusiasm - (Author's Link) - June 2, 2008 9:16 AM

Found this posted on VMBlog.com Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line.  Relevant releases include VMware Workstation 6.0.3 and earlier, VMware Player 2.0.3 and earli

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<June 2008>
SuMoTuWeThFrSa
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345