Update closes critical holes in VMWare Workstation, Player and ACE
A flaw in VMWare's shared folders has been identified, which could allow an attacker to break out of the guest virtual machine. A similar problem was found and fixed in Feburary this year. A heap overflow in the VMware Host Guest File System (HGFS) allows users to break out of the virtual environment. According to a statement by the vendor the overflow allows malicious code to be executed on the host system. However, shared folders are not enabled by default in any VMware products. VMware Workstation 6.0.3, VMware Player 2.0.3, VMware ACE 2.0.3 and VMware Fusion 1.1.1 are affected, as are the earlier versions of the equivalent products for Windows, Linux and Mac. VMware Workstation 5.x, VMware Player 1.x and VMware ACE 1.x are not affected, although the vendor has explicitly pointed out that these products will no longer be supported from September 11, 2008. VMware Server, ESX and ESXi are not vulnerable because they don't support shared folders.
The new versions also fix another vulnerability which allowed attackers to inject and execute arbitrary code on the host system. The problem was caused by an undocumented flaw in the experimental Virtual Machine Communication Interface (VCMI) feature of VMware Workstation 6.x, VMware Player 2.x and VMware ACE 2.x. This feature is designed to enable guest systems to communicate with each other. The flaw affects Windows systems but not Linux systems. The vendor already had to fix a vulnerability in VCMI in a previous update.
See also:
- Download area for desktop virtualisation products
- VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues, advisory by VMWare
(mba)