VMware Cloud Security Issue

Thursday, May 31, 2012 @ 04:05 PM gHale


It is possible to break out of the virtualization hypervisor of VMware ESXi 5.0 using crafted VMware images, security experts said.

If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) cloud offering, a malicious user could access all data on the server, including other customers’ user passwords and virtual machines, said researchers from security provider ERNW.

RELATED STORIES
Security Holes in Cloud Storage
Cloud Computing Security Woes
Critical Flaw in Encryption Software
Microsoft Adjusts as Duqu Lingers

They were able to manipulate the virtual disk images in a way that caused host disks to mount in the guest system after launching the VM.

Successful attacks mounted in this way against fully patched copies of ESXi 5.0, but the researchers point out that, as far as they are aware, this has so far only happened under laboratory conditions.



Leave a Reply

You must be logged in to post a comment.