Network Security: Detailed info on Re: VMWare poor guest isolation design

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: VMWare poor guest isolation design

from [Matt Richard] Network Security

[Permanent Link]

Subject:	Re: VMWare poor guest isolation design
Date:	Fri, 24 Aug 2007 10:43:34 -0400

On 8/23/07, Arthur Corliss <corliss@digitalmages.com> wrote:

On Wed, 22 Aug 2007, M. Burnett wrote:

I have run across a design issue in VMware's scripting automation API that
diminishes VM guest/host isolation in such a manner to facilitate privilege
escalation, spreading of malware, and compromise of guest operating systems.


Furthermore, this attack only works if you are running the vmware guest
utilities *and* you are currently logged into a GUI desktop running the
vmware userland process.

In (not so) short, this attack vector is virtually worthless if reasonable
security practices are employed.


There are other methods of compromising guests without any
requirements for API's, GUI's, etc -
http://www.mnin.org/write/2006_vmshell_injection.pdf.

-- 
Matt Richard

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: VMWare poor guest isolation design, (continued) RE: VMWare poor guest isolation design, James C. Slora Jr. Re: VMWare poor guest isolation design, Jonathan Yu Re: VMWare poor guest isolation design, Arthur Corliss Re: VMWare poor guest isolation design, Jonathan Yu More on VMWare poor guest isolation design, M. Burnett Re: More on VMWare poor guest isolation design, Tim Newsham RE: More on VMWare poor guest isolation design, M. Burnett RE: More on VMWare poor guest isolation design, Tim Newsham RE: More on VMWare poor guest isolation design, Arthur Corliss Re: More on VMWare poor guest isolation design, Wietse Venema Re: VMWare poor guest isolation design, Matt Richard <= Re: VMWare poor guest isolation design, Arthur Corliss RE: VMWare poor guest isolation design, Ken Kousky RE: VMWare poor guest isolation design, Arthur Corliss RE: VMWare poor guest isolation design, Ken Kousky RE: VMWare poor guest isolation design, Arthur Corliss Re: VMWare poor guest isolation design, Tim Newsham VMware poor guest isolation design, VMware Security team

Previous by Date:	Re: VMWare poor guest isolation design, Jonathan Yu
Next by Date:	[Full-disclosure] n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory, security
Previous by Thread:	Re: More on VMWare poor guest isolation design, Wietse Venema
Next by Thread:	Re: VMWare poor guest isolation design, Arthur Corliss
Indexes:	[Date] [Thread] [Top] [All Lists]