VMware Security Crumbling: Not Really

This week CoreLabs published a notification of a vulnerability in VMware’s software that allows an attacker to break out of the Guest operating system. The vulnerability is in VMware’s shared folders mechanism: it grants users of a Guest system read and write access to any portion of the Host’s file system, including the system folder and other security-sensitive files. Exploiting it allows attackers to break out of a Guest system and compromise the underlying Host system that controls it. To understand why this is bad, you have to see that the Guest system has been considered an isolated system.

Many security experts have utilized a virtual environment for testing malware, security exploits and vulnerabilities for years. I too am one of these. The one issue that I see that is creating a problem in these environments that has never really been an issue revolves around shared folders.
