Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: VMware Fusion updates to fixes a couple of bugs SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VMware Fusion updates to fixes a couple of bugs

VMWare have informed us that an update is available for their Apple Mac version of their VMWare environment, VMWare Fusion.

The update  fixes a vulnerability found in all versions of VMWare Fusion, so if you use this product, it is time to update. A vulnerability for one of the issues has been published.

The published vulnerability apparently produces a remote shell with root privileges but I have not tested it at this time.

The exploit writer comments:

"The vmx86 kext ioctl handler permits an unprivileged userland program to initialize several function pointers via the 0x802E564A ioctl code. These function pointers are later used from several reachable locations within the driver, one of which is called immediately after initialization."

 

Stephen

89 Posts
Oct 2nd 2009

Sign Up for Free or Log In to start participating in the conversation!