A report showed up on the bugtraq and vulnwatch mailing lists in the last few hours about a vulnerability (discovered by Tim Shelton) in a number of VMWare products (including Workstation, GSX, ACE, and player), that would allow the attacker to escape the virtual machine and execute code in the underlying host OS. There are new builds which correct the issue (VMWare Workstation 5.5 is now up to build 19175, e.g.) dated 20 Dec on their website, and the bulletin has a timeline section that states that VMWare acknowledged the vulnerability when they released the new builds. This one is pretty significant for folks who use VMWare for malware analysis or even to isolate/sandbox their web browsing and you are urged to update to the latest build or disable NAT as soon as possible. From looking at the bulletin, it appears that Mr. Shelton has created a Metasploit module to exploit this vulnerability.
The vulnwatch article is here.
The Secunia advisory is here
VMWare's response is here.
Jim Clausing, jclausing at isc.sans.org
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Northern VA - Fairfax 2020
Dec 21st 2005
1 decade ago