Upgrades for Critical VMware Issues

Monday, May 7, 2012 @ 10:05 AM gHale

A security advisory is out from VMware that addresses critical security flaws in the company’s Workstation, Player, Fusion, ESXi and ESX products. The advisory details five flaws.

ESX 3.5 to 4.1 and ESXi 3.5 to 5.0 suffer from a host memory overwrite vulnerability in the handling of RPC commands and data pointers that means a guest user could crash a VMX process. VMware said users can work around the issue by configuring virtual machines that use less than 4GB of memory.

VMware Patches One Version
VMware Breached; Code in Wild
One Site can end up a Malicious Hive
Flashback Variant Hits Macs

The workaround though is not an effective remedy for a similar issue with RPC and function pointers. Both issues suffer an exploit without root/administrator access.

Another issue, only affecting ESX and ESXi, has a flaw in the handling of NFS traffic that can overwrite memory and can execute code on an ESX/ESXi system without authentication.

That issue, however, only occurs with NFS traffic. A floppy device out-of-bounds memory write and an unchecked SCSI device memory write issue affect Workstation 8.x, Player 4.x and Fusion 4.x, as well as ESXi and ESX; removing the virtual floppy drive or SCSI device from virtual machines will work around the problem. Both issues require root/administrator access to exploit.

VMware Workstation users should upgrade to Workstation 8.0.3, Player users should upgrade to Player 4.0.3 and Fustion users should update to version 4.1.2. The advisory also contains details of the patches for the various versions of ESX and ESXi and offers a common mitigation for most of the issues which involves not allowing untrusted users to use virtual machines.

Leave a Reply

You must be logged in to post a comment.