Feeds

back to article 'Let anyone be administrator' bug in VMware snapped shut

VMware has published a security update for its virtualisation software including its ESX, Workstation, Fusion and View products. A range of applications made by the EMC-owned vendor should therefore be patched to squash a privilege-escalation vulnerability in the VMCI.SYS driver. The flaw affects host machines running Microsoft …

COMMENTS

This topic is closed for new posts.
Bronze badge

not a bug in the hypervisor

If I'm reading the advisory right this is simply a bug that allows privilege escalation from within a windows system - and has nothing to do with the hypervisor itself right ?

the article is murky to me in that area but I think that is what the advisory says.

1
0
Bronze badge
Thumb Up

Re: not a bug in the hypervisor

I'm reading it as a bug in one of the drivers provided by the VMware Tools package allowing privilege escalation in a Windows VM running the affected driver.

1
0
(Written by Reg staff) Silver badge

Re: not a bug in the hypervisor

"the article is murky to me in that area"

Well only because VMware isn't exactly being forthcoming about the bug, but that's understandable. We're not the only ones scratching our heads.

You're right that it's not a hypervisor escape, if that's what you meant: presumably the vulnerable VMware .SYS is present on the host and guest Windows OSes and can be exploited to escalate local privileges. VMware's KB is down for me right now.

Of course, if anyone knows better, answers on a postcard etc.

C.

0
0
Anonymous Coward

Re: not a bug in the hypervisor

Worth noting that vSphere alone has more security bugs than the whole Windows Server OS:

http://secunia.com/advisories/product/25985/

Whereas Hyper-V has close to zero known vulnerabilities!

0
0
Bronze badge

Re: not a bug in the hypervisor

You sure your not confusing comparing Windows server OS to all vmware products?

http://secunia.com/advisories/product/25985/?task=statistics

shows 35 advisories for ESX 4.x

Windows 2008 (closest comparison since it was released within about a year of ESX 4.x)

http://secunia.com/advisories/product/18255/?task=statistics

says 160 advisories for windows 2008.

not that I care either way..most of my VMs are linux, and support for Linux under Hyper-V is a joke compared to VMware.

2
0
Anonymous Coward

Re: not a bug in the hypervisor

I am sure. You seem to be confusing advisories (i.e. communications) with vulnerabilities.

Secunia shows 672 vulnerabilities for ESX 4.x and 373 vulnerabilities for Windows Server 2008.

And as per the above, Hyper V Server has only 1 known vulnerability as far as I am aware, and that was only a denial of service.

Where we dont often have have to run legacy UNIX software, on the few occassions that we do, I have not encountered any support issues for Linux with Hyper-V. You just mount the CD image, and install the drivers, and it works.

0
0

ESX is not part of vSphere (ESX != ESXi)

Just one problem, ESX is not part of vSphere. ESXi is the core of vSphere. ESX is legacy technology which is AFAIK due to go unmaintained.

ESXi 5.x - the latest maintained version: https://secunia.com/advisories/product/39098/?task=advisories

For the record, Hyper-V vulnerabilities are Windows vulnerabilities, therefore you need to check Windows advisories. To show a serious local DoS problem Hyper-V used to have from host-side: http://secunia.com/advisories/44908/

0
0
Anonymous Coward

Re: ESX is not part of vSphere (ESX != ESXi)

ESX4 is the previous major version and is still maintained. As per the above a comparison with Server 2008 is valid.

For ESXi, they just ditched that legacy Linux console rubbish as an interface and moved to Powershell. If you prefer to consider ESXi, then version 5 already has 177 known vulnerabilities: http://secunia.com/advisories/product/39098/

Comparing to Windows Server 2012 - which is a much larger product, but only has 25 known vulnerabilities - http://secunia.com/advisories/product/42761/

For the record, Hyper-V vulnerabilities are NOT equivalent to Windows Server vulnerabilities. Hyper-V Server includes pretty much only the Windows micro kernel plus a few low level libraries and some drivers.

Only a single DOS issue in 6+ years is a pretty impressive security record. It was only exploitable by authenticated local users, so it was not a 'serious' issue at all.

1
0
G4Z
Thumb Down

urgh

Does anybody else find patching ESXi to just be the biggest ballache?

I have to do these updates at my place and I get nothing but problems, updates never ever go smoothly. Is it just me?

0
0
Jop
Alien

Mud

So the explanation given is as clear as VMwares renamed product range.

If it is not Hypervisor then it has to be through tools or drivers that link the host and guest. Obviously.

0
0
This topic is closed for new posts.