Secunia Security Advisory - Gerardo Richarte has reported a vulnerability in VMware products, which can be exploited by malicious, local users or malicious applications to bypass certain security restrictions.
----------------------------------------------------------------------
TITLE:
VMware Products Shared Folders Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA29117
VERIFY ADVISORY:
http://secunia.com/advisories/29117/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
Local system
SOFTWARE:
VMware Workstation 5.x
http://secunia.com/product/5080/
VMware Workstation 6.x
http://secunia.com/product/14321/
VMware Player 1.x
http://secunia.com/product/6594/
VMware Player 2.x
http://secunia.com/product/15771/
VMware ACE 1.x
http://secunia.com/product/6593/
VMware ACE 2.x
http://secunia.com/product/15772/
DESCRIPTION:
Gerardo Richarte has reported a vulnerability in VMware products,
which can be exploited by malicious, local users or malicious
applications to bypass certain security restrictions.
The vulnerability is caused by an input validation error when
handling pathnames within a shared folder in a guest OS. This can be
exploited, for example, to read or write arbitrary files on the host
OS via directory traversal attacks.
This is reportedly related to #5 in:
SA25079
Successful exploitation requires that the shared folders feature is
enabled with at least one folder configured for sharing between host
and guest.
The vulnerability affects the following products and versions on
Windows:
* VMware Workstation 6.0.2 and earlier
* VMware Workstation 5.5.4 and earlier
* VMware Player 2.0.2 and earlier
* VMware Player 1.0.4 and earlier
* VMware ACE 2.0.2 and earlier
* VMware ACE 1.0.2 and earlier
SOLUTION:
The vendor recommends disabling the shared folders feature until a
patch is available. Please see the vendor's advisory for details.
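To find virtual machines that still meet the precondition above (shared folders enabled with at least one folder configured), the following added example, which is not part of the Secunia or VMware advisories, audits .vmx configuration text for active shared-folder slots. It assumes the `sharedFolderN.present`, `sharedFolderN.enabled`, `sharedFolderN.hostPath`, `sharedFolderN.guestName` and `sharedFolderN.writeAccess` keys as commonly written to .vmx files; the sample configuration is constructed.

```python
import re
import sys

# Constructed sample .vmx content for illustration (not from the advisory).
SAMPLE_VMX = r'''displayName = "build-guest"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\dev\share"
sharedFolder0.guestName = "share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\iso"
sharedFolder1.guestName = "iso"
'''

LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
SLOT = re.compile(r'^sharedfolder(\d+)\.(\w+)$')  # key names are an assumption

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def enabled_shares(cfg):
    """List shared-folder slots that expose a host directory to the guest."""
    slots = {}
    for key, value in cfg.items():
        m = SLOT.match(key)
        if m:
            slots.setdefault(int(m.group(1)), {})[m.group(2)] = value
    found = []
    for n, s in sorted(slots.items()):
        present = s.get('present', '').upper() == 'TRUE'
        # Conservative audit choice: a present slot counts as exposed
        # unless "enabled" is explicitly FALSE.
        if present and s.get('enabled', '').upper() != 'FALSE':
            found.append({'slot': n, 'host_path': s.get('hostpath', ''),
                          'guest_name': s.get('guestname', ''),
                          'writable': s.get('writeaccess', '').upper() == 'TRUE'})
    return found

if __name__ == '__main__':
    for path in sys.argv[1:]:  # paths to .vmx files to audit
        with open(path, encoding='latin-1') as fh:
            for share in enabled_shares(parse_vmx(fh.read())):
                print(path, share)
```

Run it with one or more .vmx paths as arguments; any line of output marks a virtual machine where the shared folders feature should be disabled until the vendor patch is applied.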
PROVIDED AND/OR DISCOVERED BY:
Gerardo Richarte, Core Security Technologies.
ORIGINAL ADVISORY:
VMware:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
CORE-2007-0930 (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
OTHER REFERENCES:
SA25079:
http://secunia.com/advisories/25079/