Exploit code released for critical VMware flaw

A file sharing flaw in VMware can be exploited by an attacker to execute code and access sensitive files.

Security researchers are releasing exploit code today to allow users of VMware's virtualization software to test a new file sharing flaw that could be used by attackers to gain access to a system.

Virtualization technology is simply software and there's no software that I know of that is immune to bugs.
Ivan Arce,
chief technology officerCore Security Inc.

The flaw was discovered by Boston-based Core Security Inc. and it could be dangerous, allowing an attacker to gain complete access to a host system if enterprises enabled the file sharing feature. The issue affects all currently supported Windows-hosted versions of VMware Workstation, ACE, and Player.

VMware confirmed the flaw and issued a security alert to customers and plans to release an update to correct the flaw. In its alert, VMware said the issue does not affect VMware ESX Server or VMware Desktop Infrastructure products.

Core is releasing exploit code to its customers this week, said Ivan Arce, chief technology officer of Core. Arce said the flaw demonstrates the continued weaknesses inherent in virtualization software.

"There's a perception that virtualization technology provides additional security because it provides isolation from the real environment to the virtual environment," Arce said. "While that may be the case, there is also another argument to make, which is that virtualization technology is simply software and there's no software that I know of that is immune to bugs."

The vulnerability could allow an attacker to create or modify executable files on the host operating system, Arce said. Core is warning users to turn off the file sharing feature until VMware comes out with a fix.

"File sharing is a convenient feature to have, because it makes it easier to transfer files from one system to the other, but it's not the only way to transfer files," Arce said.

Virtualization risks:
VMworld: Desktop virtualization drives security skepticism: Virtualization powerhouse VMware is using its conference to promote the merits of desktop virtualization, but some say the technology may prove to be a burden for enterprise security pros.

Instant Gratification: BIOS-level virtualization: One company is driving virtualization down into the BIOS and believes its technology could make computing more secure.

Preparing for virtualization security unknowns: Server virtualization technology is revolutionizing enterprise data centers, but nobody knows just how it will affect enterprise information security.

Will using virtualization software put an enterprise at risk? A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure?

By using a specially crafted PathName to access a VMware shared folder, attackers can exploit the flaw. Arce said researchers came across the discovery while testing an exploit for a Workstation Shared Folders Directory Traversal flaw in VMware Workstation disclosed by Greg McManus of IDefense Labs in March 2007.

VMware patched the previous flaw but left open a loophole for attackers. The vulnerability stems from improper validation of the PathName parameter passed by a potentially malicious program or user in the Guest system to VMware's Shared Folders mechanism, which in turn passes it to the Host system's file system, Arce said.

Despite more than two dozen vulnerabilities reported for VMware software over the last several years, the risk of a malicious attacker targeting virtual environments is low, said Pete Lindstrom, an analyst at Midvale, Utah-based Burton Group. Lindstrom said risk aligns itself with adoption and so far adoption is still low.

"I believe the risk associated with virtualization to be lower than the risk associated with your typical platforms," Lindstrom said. "Virtualization is not replacing anything—it feels like it does, but you've got to put an OS inside of that environment in order to get the software to run."

Dig deeper on Virtualization Security Issues and Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close