VMware addresses critical issues in Workstation, Player, ESXi and ESX
VMware has published a security advisory that addresses critical security flaws in the company's Workstation, Player, Fusion, ESXi and ESX products. There are five flaws detailed in the advisory.
ESX 3.5 to 4.1 and ESXi 3.5 to 5.0 are affected by a host memory overwrite vulnerability in the handling of RPC commands and data pointers, which means a guest user could crash a VMX process. VMware notes that the issue can be worked around by configuring virtual machines to use less than 4GB of memory. That workaround, though, is not an effective remedy for a similar issue with RPC and function pointers. Both issues could be exploited without root/administrator access.
Another issue, again only affecting ESX and ESXi, is a flaw in the handling of NFS traffic that can overwrite memory and can be used to execute code on an ESX/ESXi system without authentication; however, the issue only occurs with NFS traffic. A floppy device out-of-bounds memory write and an unchecked SCSI device memory write issue both affect Workstation 8.x, Player 4.x and Fusion 4.x, as well as ESXi and ESX; removing the virtual floppy drive or SCSI device from virtual machines will work around the problem. Both issues require root/administrator access to exploit.
VMware Workstation users should upgrade to Workstation 8.0.3, Player users should upgrade to Player 4.0.3 and Fusion users should update to version 4.1.2. The advisory also contains details of the patches for the various versions of ESX and ESXi and offers a common mitigation for most of the issues, which involves not allowing untrusted users to use virtual machines.
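The workarounds described above can be checked per virtual machine by reading its `.vmx` configuration file. The following is an added example, not code from VMware or the advisory: it flags a VM whose `memsize` is 4GB or more, or that still has a virtual floppy drive or SCSI controller enabled. The sample configuration is constructed, and treating `scsiN.present` as "the SCSI device" is an assumption.

```python
import re

# Constructed sample .vmx content for illustration (not from a real host).
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "build-agent-01"
memsize = "8192"
floppy0.present = "TRUE"
floppy0.fileName = "/dev/fd0"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi1.present = "FALSE"
"""

LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Assumption: an enabled scsiN controller stands for "the SCSI device".
DEVICE_RE = re.compile(r"^(floppy|scsi)\d+\.present$")


def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_vmx(text):
    """Return (setting, reason) pairs where a workaround is not applied."""
    settings = parse_vmx(text)
    findings = []
    # memsize is in MB; the workaround is "less than 4GB" (ESX/ESXi only).
    raw_mem = settings.get("memsize", "")
    if not raw_mem.isdigit():
        findings.append(("memsize", "missing or not numeric, check manually"))
    elif int(raw_mem) >= 4096:
        findings.append(("memsize", f"{raw_mem} MB is not below 4GB"))
    # An enabled floppy drive or SCSI controller leaves that workaround unapplied.
    for key in sorted(settings):
        if DEVICE_RE.match(key) and settings[key].strip().lower() == "true":
            findings.append((key, "virtual device still present"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_vmx(SAMPLE_VMX):
        print(f"{setting}: {reason}")
```

An empty result only means these workarounds are in place; the memory workaround does not cover the RPC function pointer issue, so the patched versions are still required.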