Feb

27

Newly discovered flaws in VMWare allow malware applictions running in VMWare to escape the sandbox. These application can view and modify files in the underlying host operating systems, according to this article on Compuworld, although to be fair it’s popping up on a number of sites.

As of Sunday, there was no patch available for the flaw, which affects VMware’s Windows client virtualization programs, including Workstation, Player and ACE. The company’s virtual machine software for Windows servers and for Mac- and Linux-based hosts are not at risk.

“Why should we care?” you might ask. Over the couple of years, there’s been a movement towards virtualized infrastructure in larger IT shops, and even some smaller ones. This allows companies to provide “part” of a server to an individual user, application, or team, but host that partial server on another larger server, or even a cluster or grid computer. These virutual servers can be scaled and reconfigured more easily than a real, physical server as well. This makes more efficient use of the computing infrastructure, plus makes it very easy to set up and tear down new virtual servers. It’s a win-win situation.

The discovery of this flaw that allows applications to “see” the underlying host OS could be a significant problem for the budding trend towards virtualization if it’s not addressed soon. VMWare isn’t currently telling us when a patch will be available, but they provide a work-around in the meantime:

“On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations,” confirmed VMware.

VMware has not posted a fix, but it instead told users to disable shared folders.

So until a fix is available, if you’re running VMWare in Windows, disable those shared folders, folks.


Comments

RSS feed | Trackback URI

2 Comments »

Comment by Peter H Coffin
2008-02-28 07:48:53

One detail I’ve been worndering about is whether malware could see the whole of the underlying OS, or just the part that’s shared. (Obviously, this wouldn’t prevent people from sharing whole drives “for convenience”… It is much harder to help such people, though.)

Reply to this comment
Comment by Keith McMillan
2008-02-28 20:34:09

I had the impression that once escaping to the underlying OS, programs could access files outside the share, so I went back and checked. Yep, sure enough:

“On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations,” confirmed VMware.

Reply to this comment
 
 
Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> in your comment.

Blogroll