Two VMware Vulnerabilities Found, Fixed -- Redmondmag.com

Two VMware Vulnerabilities Found, Fixed

By Joab Jackson
06/06/2008

A pair of vulnerabilities found in several VMware Linux products will require users to update these products to resecure their systems, security analysis firm iDefense announced yesterday.

In the first vulnerability, users can inject arbitrary code into a virtual environment when asked by the VMware program to specify a directory for shared library modules. The software's vmware-authd function grants the user root privilege for this transaction.

VMware Workstation Version 6.0.2.59824 for Linux, VMware GSX Server Version 3.2.1.14497 for Linux and VMware ESX Server 3.0.1.32039 (which does not require an operating system to run) are vulnerable.

VMware has updated its software to eliminate this vulnerability. Alternatively, iDefense recommends modifying the file permissions for the vmware-authd set-uid binary, either eliminating root access entirely or restricting its use to trusted groups.

The second vulnerability, discovered by Stephen Fewer at Harmony Security, occurs in VMware Workstation 5.5.4 with the VMware Tools package installed when it runs a guest version of Windows. This flaw allows an unprivileged user to send arbitrary code to the Windows kernel through a VMware driver called hgfs.sys, which has no access controls.

"With specially constructed input, a malicious user can use functionality within the driver to patch kernel addresses and execute arbitrary code in kernel mode," the iDefense bulletin stated.

VMware has issued a patch to correct the problem. Removal of the Tools package would also eliminate the vulnerability.

Both vulnerabilities have been been submitted to the Common Vulnerabilities and Exposures (CVE) standardized list of names for security issues. The first has been issued the identifier CVE-2008-0967 and the second CVE-2007-5671.

According to iDefense, VMware was notified about the vmware-authd vulnerability on Jan. 30 and the Tools vulnerability on Sept. 19. In both cases, the company responded the same day. The two companies issued a joint public disclosure on the vulnerabilities yesterday.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).

Featured

Choosing the Right SSID for Your Network

Attracting attention, whether through a default or funny Wi-Fi name, could lead to a security issue.
Microsoft Outlines Latest Security Efforts at Ignite

In the wake of last year's CrowdStrike incident, Microsoft has worked to publicly rehabilitate its security image through new initiatives and public commitments to improve. That push continued this week at Ignite, where Microsoft announced a handful of new security tools and updates.
Nadella on Copilot: 'Major Platform Shifts Are in the Air'

As should be no surprise, Copilot took center stage during Microsoft CEO Satya Nadella's keynote speech to open Microsoft Ignite 2024.
Azure AI Foundry Revealed at Microsoft Ignite

Microsoft is consolidating its Azure generative AI tools into a unified platform named Azure AI Foundry.
Microsoft Bolsters Fabric at Ignite

While Fabric has improved in the year since its release, there are still some glaring issues with the platform.