VMware Fixes Security Bugs

The VMWare folks released patches yesterday to deal with a privilege escalation problem and a security bypass issue as well as five other problems.

From VMWare Advisory:

Problem description:

a. Host to guest shared folder (HGFS) traversal vulnerability

On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host’s file system and create or modify executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn’t use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture and not a hosted architecture, and it doesn’t include any shared folder abilities. Fusion and Linux based hosted products are unaffected.


b. Insecure named pipes

An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user.

The same internal security audit determined that a malicious Windows user could exploit an insecurely created named pipe object to escalate privileges or create a denial of service attack. In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing.

For the rest of the issues please read the full advisory over on VMWare dot com.