-
February 26th, 2008, 01:21 AM
#1
VMWare Vulnerabilities
For those of you that haven't been paying attention (or don't run VMWare and don't care all that much)... This has been a big week for VMWare
First, we saw the release of patches for ESX Server... patched vulnerabilities included: Python PCRE Module, aacraid driver and a Samba vulnerability. The effects of these ranged from DoS to local privilege escalation to remote buffer overflow. To me this identifies the reason why building a "hypervisor" out of linux is flawed... Hopefully as ESX 3i becomes more popular, we'll see many of these "generic" vulnerabilities disappear.
Today the virtualization issue just got worse... as Core Technologies announced that it was possible to break out of VMWare Shared Folders on VMWare Workstation, Player and Ace. While Shared Folders are disabled by a default, a lot of Downloadable VMs have them enabled, as do many VMs that people build...due to the usefulness of shared folders. If malware researchers forget they have shared folders enabled, malware could do some nasty things.
I'm really starting to wonder how fully vetted the concept of virtualization is. I know it's been around for some time, and existed quite a while ago in the context of mainframes... but VMWare, Virtual Server/PC and Parallels don't seem to be doing much to improve the security of their products. As I said.. 3i may be an improvement but in that case only time will tell.
Similar Threads
-
By J_K9 in forum Other Tutorials Forum
Replies: 0
Last Post: December 19th, 2005, 11:55 AM
-
By Shakira in forum Newbie Security Questions
Replies: 9
Last Post: February 16th, 2004, 10:07 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: October 25th, 2002, 12:26 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 1
Last Post: October 1st, 2002, 05:03 PM
-
By sweet_angel in forum AntiOnline's General Chit Chat
Replies: 11
Last Post: September 28th, 2002, 02:59 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|