|
VMware Products Shared Folders Directory Traversal Vulnerability
|
|
Secunia Advisory:
|
SA29117
|
|
|
Release Date:
|
2008-02-26
|
|
Last Update:
|
2008-03-18
|
|
Popularity:
|
7,949 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | VMware ACE 1.x
VMWare ACE 2.x
VMware Player 1.x
VMWare Player 2.x
VMware Server 1.x
VMware Workstation 5.x
VMware Workstation 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2008-0923
|
|
Description:
Gerardo Richarte has reported a vulnerability in VMware products, which can be exploited by malicious, local users or malicious applications to bypass certain security restrictions.
The vulnerability is caused due to an input validation error when handling pathnames within a shared folder in a guest OS. This can be exploited to e.g. read or write arbitrary files on the host OS via directory traversal attacks.
This is reportedly related to #5 in:
SA25079
Successful exploitation requires that the shared folders feature is enabled with at least one folder configured for sharing between host and guest.
The vulnerability affects the following products and versions on Windows:
* VMware Workstation 6.0.2 and earlier
* VMware Workstation 5.5.4 and earlier
* VMware Player 2.0.2 and earlier
* VMware Player 1.0.4 and earlier
* VMware ACE 2.0.2 and earlier
* VMware ACE 1.0.2 and earlier
* VMware Server prior to 1.0.5
Solution:
VMware Player:
Update to version 1.0.6 or 2.0.3.
http://www.vmware.com/download/player/
VMware ACE:
Update to version 2.0.3 or 1.0.5.
VMware Workstation:
Update to version 6.0.3 or 5.5.6.
VMware Server:
Update to version 1.0.5.
Provided and/or discovered by:
Gerardo Richarte, Core Security Technologies.
Changelog:
2008-03-17: Updated "Solution" section. Added VMware Server to list of affected products.
2008-03-18: Added link to "Original Advisory" section. Updated "Solution" section with additional information for VMware Player 1.x, VMware ACE 1.x, and VMware Workstation 5.x.
Original Advisory:
VMware:
http://kb.vmware.com/selfservice/micr...;cmd=displayKC&externalId=1004034
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
CORE-2007-0930 (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
Other References:
SA25079:
http://secunia.com/advisories/25079/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
