VMware Running on Windows Host Security Hole

If you are running VMware on a Windows host configured with host-to-guest shared folders, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations.

A vulnerability exists in VMware’s shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it.

Affected versions include:

  • VMware Workstation 6.0.2 and earlier
  • VMware Workstation 5.5.4 and earlier
  • VMware Player 2.0.2 and earlier
  • VMware Player 1.0.4 and earlier
  • VMware ACE 2.0.2 and earlier
  • VMware ACE 1.0.2 and earlier
The following VMware products are not affected:
  • VMware Server is not affected because it does not use shared folders.
  • No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture, not a hosted architecture, it does not include any shared folder abilities.
  • VMware Fusion and Linux-hosted VMware products are unaffected.

Workaround

Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.To disable shared folders in the Global settings:
  1. From the VMware product’s menu, choose Edit > Preferences.
  2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
To disable shared folders for the individual virtual machine settings:
  1. From the VMware product’s menu, choose VM > Settings.
  2. In the Options tab, select Shared Folders and Disable.

Leave a Reply

Your email address will not be published. Required fields are marked *