Comments on: VMware Security http://wagnerelias.com/2008/06/12/vmware-security/ BCP, BIA, DRP, Security Assessment, Risk Assessment, Security Developer Wed, 05 Oct 2011 13:05:28 +0000 hourly 1 By: João Rodolfo http://wagnerelias.com/2008/06/12/vmware-security/comment-page-1/#comment-420 João Rodolfo Tue, 17 Jun 2008 16:25:52 +0000 http://wagnerelias.com/2008/06/12/vmware-security/#comment-420 Fala Wagner ! Certamente isso é para minimizar e detectar rapidamente problemas de segurança do tipo: http://www.secuobs.com/secumail/snsecumail/msg10864.shtml http://secunia.com/advisories/26890/ VMware Products Multiple Vulnerabilities CRITICAL: Less critical IMPACT: Security Bypass, Privilege escalation WHERE: Local system OPERATING SYSTEM: VMware ESX Server 3.x VMware ESX Server 2.x VMware Workstation 5.x VMware Server 1.x VMware Player 1.x VMware ACE 1.x VMware VIX API 1.x DESCRIPTION: Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges. 1) An error exists in the "HGFS.sys" driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine. 2) An error in "vmware-authd" can be exploited to gain escalated privileges on a Linux host machine. Abraços !<div class="comment-remix-meta"><a href="#" class="replyto" onclick="replyto('420','João Rodolfo'); return false;">Reply</a> - <a href="#" class="quote" onclick="quote('420','João Rodolfo','Fala Wagner !\r\n\r\nCertamente isso é para minimizar e detectar rapidamente problemas de segurança do tipo:\r\n\r\nhttp:\/\/www.secuobs.com\/secumail\/snsecumail\/msg10864.shtml\r\nhttp:\/\/secunia.com\/advisories\/26890\/\r\n\r\nVMware Products Multiple Vulnerabilities\r\n\r\nCRITICAL:\r\nLess critical\r\n\r\nIMPACT:\r\nSecurity Bypass, Privilege escalation\r\n\r\nWHERE:\r\nLocal system\r\n\r\nOPERATING SYSTEM:\r\nVMware ESX Server 3.x\r\nVMware ESX Server 2.x\r\nVMware Workstation 5.x\r\nVMware Server 1.x\r\nVMware Player 1.x\r\nVMware ACE 1.x\r\nVMware VIX API 1.x\r\n\r\nDESCRIPTION:\r\nSome vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.\r\n\r\n1) An error exists in the \"HGFS.sys\" driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine.\r\n\r\n2) An error in \"vmware-authd\" can be exploited to gain escalated privileges on a Linux host machine.\r\n\r\nAbraços !'); return false;">Quote</a></div> Fala Wagner !

Certamente isso é para minimizar e detectar rapidamente problemas de segurança do tipo:

http://www.secuobs.com/secumail/snsecumail/msg10864.shtml
http://secunia.com/advisories/26890/

VMware Products Multiple Vulnerabilities

CRITICAL:
Less critical

IMPACT:
Security Bypass, Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
VMware ESX Server 3.x
VMware ESX Server 2.x
VMware Workstation 5.x
VMware Server 1.x
VMware Player 1.x
VMware ACE 1.x
VMware VIX API 1.x

DESCRIPTION:
Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.

1) An error exists in the “HGFS.sys” driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine.

2) An error in “vmware-authd” can be exploited to gain escalated privileges on a Linux host machine.

Abraços !

ReplyQuote
]]>