A security vulnerability has been identified in VMware Workstation version 5.5: A program which is running in the virtual guest operating system could read and write arbitrary files on the physical host computer. The vulnerability has been fixed in VMware Workstation 5.5.4, Build 44386. If you are using VMware Workstation to test potentially malicious programs, like suspicious e-mail attachments or software you downloaded from untrusted websites, you should immediately install the update.
The vulnerability is in the "Shared Folders" feature of VMware Workstation which allows folders on the physical "host" system to be shared with virtual "guest" systems. Due to a flaw in the code which validates that the filename is safe, an attacker or malicious code within the guest system can read or write files on the host system in the context of the user running Workstation. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the "Shared Folders" feature is enabled by default, no folders are shared by default. If the 'Read Only' option for a shared folder is set, the attacker will only be able to read files from the host.
According to the vulnerability report, VMware Tools is not required to exploit this vulnerability, so you are vulnerable even if you did not install the tools in the guest system.
VMware Workstation version 5.5.4 fixes a number of additional denial-of-service vulnerabilities.
VMware Workstation 5.5.4 Release Notes
Security Update for VMware Workstation 5.5
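The advisory's precondition (at least one shared folder, with the 'Read Only' option limiting the impact to reading) can be checked per virtual machine. The following is an added example, not part of the original post and not VMware code: it scans the text of a `.vmx` configuration file for active shares. The `sharedFolderN.*` key names are an assumption about the `.vmx` layout, and the sample file is constructed.

```python
import re

# Constructed sample, not from the advisory. The sharedFolderN.* key names are
# an assumption about the .vmx layout; confirm them against your own files.
SAMPLE_VMX = r'''
displayName = "malware-sandbox"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\samples"
sharedFolder0.guestName = "samples"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "C:\tools"
sharedFolder1.guestName = "tools"
'''

_LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')
_SHARE = re.compile(r'^sharedfolder(\d+)\.(\w+)$')

def parse_vmx(text):
    """Return lower-cased key -> value pairs; lines that are not key = "value" are skipped."""
    pairs = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            pairs[m.group(1).lower()] = m.group(2)
    return pairs

def audit_shared_folders(text):
    """List active shares as (guest name, host path, exposure) tuples."""
    shares = {}
    for key, value in parse_vmx(text).items():
        m = _SHARE.match(key)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value
    findings = []
    for idx in sorted(shares):
        s = shares[idx]
        flag = lambda name, default: s.get(name, default).upper() == "TRUE"
        # A share counts as active unless it is explicitly absent or disabled.
        if not (flag("present", "FALSE") and flag("enabled", "TRUE")):
            continue
        # Missing writeAccess is reported as writable, the worse case.
        exposure = "host read+write" if flag("writeaccess", "TRUE") else "host read only"
        findings.append((s.get("guestname", ""), s.get("hostpath", ""), exposure))
    return findings
```

An empty result means the virtual machine has no active share; any entry on a build older than 5.5.4 is a reason to remove the share or install the update.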