20 September 2007, 12:10

VMware fixes vulnerabilities in numerous products

Virtualisation software vendor VMware has released numerous product updates which fix vulnerabilities in almost all the products in their portfolio. Attackers can exploit these vulnerabilities to, for example, break out of the guest system in the virtual machine or terminate processes on the host system. The VMware security advisory lists a total of 20 entries in the Common Vulnerabilities and Exposures (CVE) database which relate to security vulnerabilities fixed by the new versions.

Particularly critical are the vulnerabilities which enable attackers or malicious software to break out of the virtual machine. From an account with administrator privileges on a guest system, attackers can manipulate the memory of host processes leading to execution of injected malicious code. It is also possible to crash processes on the host system. In the integrated DHCP server, crafted packets may allow access with SYSTEM privileges.

Where the host system is Windows, as a result of errors in the IntraProcessLogging.dll and vielib.dll libraries remote users can overwrite arbitrary files on the host. In addition, Windows versions start some services with unsafe arguments, enabling attackers to escalate their privileges. The updates also fix vulnerabilities in third party products, such as the Samba or Kerberos versions of the ESX server included with the software.

ESX server versions 2.0.2, 2.1.3, 2.5.3, 2.5.4, 3.0.0 and 3.0.1 are affected. VMware has also released updates for workstation versions 5.5.5 and 6.0.1, server version 1.0.4, ACE 1.0.4 and 2.0.1 and VMware Player 1.0.5 and 2.0.1. The addresses for download, including MD5 checksums for checking file integrity after downloading the updated versions, can be found at the end of the security advisory. VMware administrators and users should install the updated versions as soon as possible to prevent malicious software or attackers from exploiting the critical vulnerabilities in the virtual environment.