VMware spots flaw in Windows-hosted client software

VMware has released a security advisory that addresses a vulnerability in several of its virtualization products.

The "critical" vulnerability, discovered by Core Security, impacts shared-folder configurations on Windows-hosted VMware client software.

VMware's shared folders allow users to transfer data between virtualized systems, known as guests, and the non-virtualized host system that they run on.

To maintain effective isolation between guest and host systems, this mechanism should limit the guest's access to only those host folders earmarked for sharing with the virtualized guests. The vulnerability found in VMware's shared-folders mechanism grants users of a guest system read and write access to any portion of the host's file system, including the system folder and other security-sensitive files.

Exploiting this vulnerability allows an attacker to break out of an isolated guest system to compromise the underlying host system that controls it, according to VMware's security advisory.

The problem is caused by what Raul Siles, a security researcher at the SANS Internet Storm Center, called a directory traversal vulnerability in the VMware shared-folder capabilities on Windows. The flaw allows a program running in the guest to gain access to the host's file system and create or modify executable files in sensitive locations.
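The containment rule such a mechanism has to enforce can be shown with a short added example. It is not VMware's code and is not taken from the advisory; the function names, the share root and the sample requests are all constructed for illustration.

```python
import ntpath  # Windows path rules on any OS; purely lexical, no filesystem access

class OutsideShare(Exception):
    """The guest-supplied path does not resolve inside the shared folder."""

def resolve_in_share(share_root: str, guest_path: str) -> str:
    """Map a guest-relative path to a host path, or raise OutsideShare.
    Hypothetical helper: lexical check only; symlinks, junctions and 8.3
    short names need a filesystem-level check on top of it."""
    if "\x00" in guest_path:
        raise OutsideShare("NUL byte in path")
    root = ntpath.normpath(share_root)
    # Refuse anything that names its own drive, UNC share or root directory.
    drive, rest = ntpath.splitdrive(guest_path.replace("/", "\\"))
    if drive or rest.startswith("\\"):
        raise OutsideShare("absolute or drive-qualified path")
    # Normalize first, then test: the string checked is the string used.
    candidate = ntpath.normpath(ntpath.join(root, rest))
    # Compare case-insensitively and on a component boundary, so that
    # C:\VMShare-private is not mistaken for a child of C:\VMShare.
    root_cmp = ntpath.normcase(root).rstrip("\\") + "\\"
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp + "\\" != root_cmp and not cand_cmp.startswith(root_cmp):
        raise OutsideShare(candidate)
    return candidate

# Constructed guest requests against a constructed share root.
SHARE = r"C:\VMShare"
REQUESTS = [
    r"docs\report.txt",
    r"docs\..\notes.txt",
    r"..\Windows\System32\drivers\etc\hosts",
    "docs/../../Windows/win.ini",
    r"..\VMShare-private\key.pem",
    r"\\fileserver\c$\boot.ini",
]

def audit(requests, share=SHARE):
    """Return {request: resolved host path, or None when refused}."""
    results = {}
    for req in requests:
        try:
            results[req] = resolve_in_share(share, req)
        except OutsideShare:
            results[req] = None
    return results

if __name__ == "__main__":
    for req, host_path in audit(REQUESTS).items():
        print(f"{'ALLOW' if host_path else 'DENY ':5}  {req!r} -> {host_path}")
```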

The bug affects VMware Workstation 6.0.2 and earlier and VMware Workstation 5.5.4 and earlier; VMware Player 2.0.2 and earlier and VMware Player 1.0.4 and earlier; and VMware ACE 2.0.2 and earlier and VMware ACE 1.0.2 and earlier.

VMware said that its VMware Server is not affected because it does not use shared folders. Similarly, VMware Fusion and Linux-hosted VMware products are not impacted, nor is the company's ESX Server, including ESX Server 3i.

Until VMware releases a patch for this vulnerability, the company recommends that users of Windows-hosted VMware products disable shared folders in the global settings. Instructions to do this are available in the VMware security advisory.
