VMware Closes Holes

Tuesday, June 19, 2012 @ 02:06 PM gHale


VMware has two security problems in its virtualization solutions.

These vulnerabilities affect VMware Workstation, Player, Fusion, ESXi and ESX, company officials said.

RELATED STORIES
VMware Cloud Security Issue
Upgrades for Critical VMware Issues
VMware Patches One Version
VMware Breached; Code in Wild

The first of these holes is a memory corruption issue when loading Checkpoint files. To exploit the flaw an attacker must already be able to load a specially crafted Checkpoint in a virtual machine (VM) in order to execute arbitrary code on a host.

The other issue is a remote denial-of-service (DoS) vulnerability caused by manipulated traffic from a remote virtual device.

Further details, including links to patches are in the company’s security advisory.

These are not the first issues for VMware as late last month security researchers found it is possible to break out of the virtualization hypervisor of VMware ESXi 5.0 using crafted VMware images.

If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) cloud offering, a malicious user could access all data on the server, including other customers’ user passwords and virtual machines, said researchers from security provider ERNW.

They were able to manipulate the virtual disk images in a way that caused host disks to mount in the guest system after launching the VM.



Leave a Reply

You must be logged in to post a comment.