|
 |
|
VMware Products Shared Folders Directory Traversal Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA29117
|
|
|
Release Date:
|
2008-02-26
|
|
Last Update:
|
2008-03-18
|
|
|
Critical:
|

Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | VMware ACE 1.x VMWare ACE 2.x VMware Player 1.x VMWare Player 2.x VMware Server 1.x VMware Workstation 5.x VMware Workstation 6.x
|
| | CVE reference: | CVE-2008-0923 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: Gerardo Richarte has reported a vulnerability in VMware products, which can be exploited by malicious, local users or malicious applications to bypass certain security restrictions.
The vulnerability is caused due to an input validation error when handling pathnames within a shared folder in a guest OS. This can be exploited to e.g. read or write arbitrary files on the host OS via directory traversal attacks.
This is reportedly related to #5 in:
SA25079
Successful exploitation requires that the shared folders feature is enabled with at least one folder configured for sharing between host and guest.
The vulnerability affects the following products and versions on Windows:
* VMware Workstation 6.0.2 and earlier
* VMware Workstation 5.5.4 and earlier
* VMware Player 2.0.2 and earlier
* VMware Player 1.0.4 and earlier
* VMware ACE 2.0.2 and earlier
* VMware ACE 1.0.2 and earlier
* VMware Server prior to 1.0.5
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: VMware Player:
Update to version 1.0.6 or 2.0.3.
http://www.vmware.com/download/player/
VMware ACE:
Update to version 2.0.3 or 1.0.5.
VMware Workstation:
Update to version 6.0.3 or 5.5.6.
VMware Server:
Update to version 1.0.5.
Provided and/or discovered by: Gerardo Richarte, Core Security Technologies.
Changelog: 2008-03-17: Updated "Solution" section. Added VMware Server to list of affected products.
2008-03-18: Added link to "Original Advisory" section. Updated "Solution" section with additional information for VMware Player 1.x, VMware ACE 1.x, and VMware Workstation 5.x.
Original Advisory: VMware:
http://kb.vmware.com/selfservice/micr...;cmd=displayKC&externalId=1004034
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
CORE-2007-0930 (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
Other References: SA25079:
http://secunia.com/advisories/25079/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. VMware Products Multiple Vulnerabilities
|
|
2. VMware Server Multiple Vulnerabilities
|
|
3. VMWare Products Multiple Vulnerabilities
|
|
4. VMWare Workstation vstor-ws60.sys Denial of Service
|
|
5. VMware Products Multiple Vulnerabilities
|
|
6. VMware vmware-config.pl Insecure SSL Key File Permissions
|
|
7. VMware NAT Networking Buffer Overflow Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|

|
 |
Secunia PSI Scan | Patch | Track Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|