VMware vulnerability allows breakout from guest system
VMware has issued a warning about a critical security vulnerability in its VMware Workstation, VMware Player and VMware ACE products that can be exploited by an attacker to break out of a virtualised system. In Windows versions of VMware, if a shared folder for exchanging files has been set up, it is apparently possible to break out of a guest system to the host file system. According to the report, the guest can then create and modify files at arbitrary locations in the directory structure. This makes it possible for a guest to manipulate the host’s Autostart folder to run malicious code after the next reboot. The vulnerability is not so far thought to have been exploited maliciously.
The vendor does not give precise details of the cause of the vulnerability. VMware refers users to security services provider Core Security for further information. Their report is however not yet publicly available.
The following versions are affected:
VMware Workstation 6.0.2 and earlier
VMware Workstation 5.5.4 and earlier
VMware Player 2.0.2 and earlier
VMware Player 1.0.4 and earlier
VMware ACE 2.0.2 and earlier
VMware ACE 1.0.2 and earlier
According to the vendor, VMware server is not affected, as it does not use shared folders. The ESX server, including version 3i, is not vulnerable either, as it has no host to which a guest could gain access. VMware Fusion and VMware products for Linux are also unaffected.
Shared folders are not activated by default in Workstation 6, Player 2 and ACE 2. Shared folders are activated by default in Workstation 5, Player 1 and ACE 1, but a successful attack requires at least one folder to have been voluntarily configured as shared. These versions are therefore not vulnerable by default.
No patch or update is currently available. The vendor recommends that affected users deactivate this function. A similar vulnerability in VMware relating to shared folders was disclosed in early May of last year.
- Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE, security advisory from VMware