VMware vuln exposes the perils of virtualization | The Register:
“A vulnerability was found in VMware’s shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it.
Successful exploitation requires that the Shared Folder’s feature be enabled, which is the default on VMware products that have the feature, AND that at least one folder of the Host system is configured for sharing.” http://www.coresecurity.com/?action=item&id=2129
“By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. In order to exploit this vulnerability, the virtual machine must have the shared folders feature manually enabled and at least one folder configured for sharing between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 6, Player 2, and ACE 2.
Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest. Given the requirements of the vulnerability, it cannot be exploited by default in Workstation 5, Player 1, and ACE 1.” http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
Notice the default setting of my VMware 6.0.2 workstation… shared folders disabled…NOT enabled as VMware states.
Notice the “Dude, you do this man, and you are soooooo screwed” warning in the Folder sharing GUI.
At first I too fell for the “Virtualization is full of perils” headlines… and then I stopped to read a bit more and then went… hang on… those shared folders are off… those shared folders do expose you to risk… those shared folders SHOULD NEVER BE turned on if you think that you can’t trust the guest to the host… so exactly where is the default vulnerability here? Am I missing something?
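The two preconditions both quoted advisories name (shared folders feature enabled, at least one host folder configured for sharing) can be checked per VM from its .vmx file. The script below is an added example, not part of the original post and not VMware's code; the key names (`isolation.tools.hgfs.disable`, `sharedFolderN.present`, `.enabled`, `.hostPath`, `.writeAccess`) are the ones commonly seen in Workstation .vmx files and are assumed here, and the sample config is constructed.

```python
import re

# Constructed sample .vmx (not from the page). Key names are assumptions:
# the ones commonly seen in VMware Workstation .vmx files.
SAMPLE_VMX = r'''
displayName = "test-guest"
isolation.tools.hgfs.disable = "FALSE"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\demo\share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\old"
'''

KV = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')
SHARE = re.compile(r'sharedfolder(\d+)\.present')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased for lookup."""
    cfg = {}
    for line in text.splitlines():
        m = KV.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"

def exposed_shares(text):
    """Return sorted (index, host_path, writable) for every share that is
    present and enabled. Empty when the feature is switched off or no folder
    is shared, i.e. when the advisory's two preconditions are not both met."""
    cfg = parse_vmx(text)
    if is_true(cfg, "isolation.tools.hgfs.disable"):
        return []
    hits = []
    for key in cfg:
        m = SHARE.fullmatch(key)
        if m and is_true(cfg, key):
            p = "sharedfolder" + m.group(1)
            if is_true(cfg, p + ".enabled"):
                hits.append((int(m.group(1)), cfg.get(p + ".hostpath", ""),
                             is_true(cfg, p + ".writeaccess")))
    return sorted(hits)
```

An empty result from `exposed_shares()` means the VM does not meet both preconditions; any returned entry with `writable` set is a host path the guest can modify.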