Skip navigation.
Home

VMware Vulnerability: Time to Upgrade

Core Security found a pretty spectacular vulnerability in Vmware. If you have shared folders with the guest OS a program running inside the VM can modify any file on the host. Given how dependent we are on VMs for malware analysis it would be a good idea to upgrade. Hats off to Core for finding this bug.

"A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it."

Pretty detailed information

Pretty detailed information of the exploit.

http://blog.threatexpert.com/2008/02/about-vmware-exploit.html

Backtrack

Old story,why all the sudden awareness,where was this a year and half ago when I lost my first host to a stupid chinese autorun worm and whats worse,I dont even like chinese worms. :)

Keep in mind,defaults for VM are NAT Network + Drag&Drop\Copy&Paste from vm to host,shared folders is asking for troubles,see below.

On the other hand,with other,newer vms where you have to manually bridge your own net and set up your own shared folders....ffs...never....EVER....run allape with ReadOnly attributes to the shared folder OFF!

Mark that as a 5th host lost to malware but it was a year old,need its pipes cleaned.

Consider seriously to

Backup, backup, backup... never play with malware without a backup.

exactly

That is the best course of action out of them all.

Even without playing with

Even without playing with malwares backups are a must, at least if you care about the data.