back to article VMware vuln exposes the perils of virtualization

Security researchers have discovered a bug in VMware desktop virtualization applications that allows attackers to take complete control of the underlying PC, including the execution or modification of files on the host operating system. The vulnerability, which was unearthed by researchers from Core Security Technologies, is …

COMMENTS

This topic is closed for new posts.
  1. Morely Dotes

    Of course...

    One could always use VirtualBox instead of VMware.

    http://www.virtualbox.org/

    I am not connected with the project in any way.

  2. Anonymous Coward
    Paris Hilton

    And if VMware file sharing is disabled...?

    If VMware file sharing is disabled, which of course sensible people would do when running untrusted (or worse) software as the guest OS, does this exploit still succeed? Hopefully not, though afaict the article doesn't say either way. Anyway if it does become safe, the article title maybe ought to be "VMware vuln exposes the perils of being dumb".

    Paris isn't dumb but she may be vulnerable. Or is that the other way round, I forget.

  3. Kris Chaplin
    Thumb Down

    No security expert worth their salt

    Would share files from a sandbox to their host PC. Sad to see that VMware has this vulnerability though - hope to see it patched soon!

  4. Anonymous Coward
    Thumb Down

    More and more VMware security bugs

    As a very large VMware who has invested more than a few quid in VMware products (both desktop and server), the bloody bloom is off the rose. VMware security bugs are commonplace and the quality of their products has taken a major downturn since VI3. Version 3.0 was released about six months too early and after some proper testing, 3.0.2 was released as an apology.

    It's time to right the ship gents.

  5. El Mono Grande
    Thumb Up

    What VERSION of VMware Workstation?

    Is the Linux version of Workstation vulnerable to this bug? The bulletin from Core doesn't go into details on what OS version or what release version of VM Workstation is affected.

  6. Calum Morrison
    Coat

    Is it just me..?

    Or has no-one else notice Core's CTO's name? Best name ever or just stating the bleeding obvious?

  7. stizzleswick
    Alert

    @Anonymous Coward

    If you read the end of the article, I think you will find your question answered...

    @El Mono Grande: As with all security bugs, it is safe to assume that all versions up to and including the most recent one, for all OSs, are affected.

  8. Cameron Colley

    Only to be expected.

    Since VMware is just another piece of software, then bugs like this should be expected -- much like leaks discovered in Java's sandbox. If you can code something, chances are someone else can code around it, given enough time.

  9. Stuart Van Onselen
    Unhappy

    Back to the future...

    "method for dividing a PC's resources into separate environments that - in theory, at least - can't be altered by other environments."

    According to that definition, ALL operating systems SHOULD count as VM hosts out-of-the-box. In theory, all processes should be completely isolated from all others, except for a select few carefully-defined comms channels, with effective access controls placed everywhere.

    Of course, that's where reality raises its ugly head. But sloppy design, compromises in the name of performance, and backwards-compatibility with previous sloppy designs take their toll. User convenience causes the controls to be relaxed and the allowed channels to proliferate. And that's before we even start talking about actual bugs...

    So now we implement virtual machines to restore the security that our OS's couldn't deliver. Except that our VMs suffer from user convenience demands, sloppy design, performance compromises, backwards compatibility, and bugs.

    Let's just give it up and move back to the abacus...

  10. Ron Eve

    @Calum Morrison

    Thanks for the heads up. I misread it first time! Brilliant!

  11. Anonymous Coward
    Happy

    "Core's CTO Ivan Arce"

    C'mon, _really_? That's gotta be an early April 1!

  12. Mike Westmacott
    Black Helicopters

    A month of....

    I'd start with VMWare tools - which supplies amongst other things a screen driver. Then there's the VNC back door, the sound card, the USB passthrough....

    And he really really really is called that:

    http://www.coresecurity.com/?module=ContentMod&action=item&id=47#ivan

  13. Karl Lattimer

    looks like the register effect has struck again

    seems ivan arce is just too much for people to ignore and they've followed the link killing core's website...

    the reg effect!

  14. Anonymous Coward
    Anonymous Coward

    Another slant on the story

    http://www.pcpro.co.uk/news/171459/real-risk-for-vmware-users.html

  15. Andy Turner

    Easy fix

    Run your VMWare within a Virtual PC...

  16. conan
    Happy

    It's true!

    He really is called Ivan Arce. Look!

    http://www.coresecurity.com/?module=ContentMod&action=item&id=47

    Best ever Register story

  17. namtog

    MIght also affect Vitual Box

    Greetings,

    As Morely Dotes noted you could use Virtual Box. Problem be it also has a shared folder function and is probably affected by this exploit.

    The difference is it is not set up by default. Look in the user manual, section 4.4 for more info on enabling shared folders between host and guest.

    Or be a little safer and leave it disabled when exploring malware.

  18. Phil
    Pirate

    Is Privilege Escalation Involved?

    As far as I can see from the linked article this is just a directory traversal issue. This means that the underlying OS is only as vulnerable as permitted by the account running the virtual machine - not an immediately pwned situation if you run the vm as a limited (i.e. non-admin) user.

    If you run a vm without any security then you risk having your host disk read and broadcast on the internet (and incriminating evidence planted on it too.)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019