domino 2008-2-25 20:48
VMware的致命BUG Critical VMware bug lets attackers zap 'real' Windows
VMware bug lets attackers zap 'real' Windows
No patch yet for shared folders flaw
February 24, 2008 (Computerworld) A critical vulnerability in VMware Inc.'s virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" OS, the company has acknowledged.
As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player and ACE. The company's virtual machine software for Windows servers, and for Mac- and Linux-based hosts, are not at risk.
The bug was reported by Core Security Technologies, makers of the penetration testing framework CORE IMPACT, said VMware in a security alert issued last Friday. "Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it," claimed Core Security.
According to VMware, the bug is in the shared folder feature of its Windows client-based virtualization software. Shared folders lets users access certain files -- typically documents and other application-generated files -- from the host OS and any virtual machine on that physical system.
"On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations," confirmed VMware.
VMware has not posted a fix, but instead told users to disable shared folders.
The Palo Alto, Calif.-based company also made it clear that the vulnerability isn't present in its server line of virtual machine software: VMware Server and ESX Server do not use shared folders. Newer version of VMware's Windows client virtualization tools also disable shared folders by default, the company added; users must manually turn on the feature to be vulnerable.
A similar bug was reported by VeriSign Inc.'s iDefense Labs to VMware in March 2007, and patched by the latter about a month later.
Friday's alert, however, was the second security-related notice posted by VMware in two days. Thursday, VMware patched its ESX Server line to quash five bugs that could be used to slip past security restrictions, launch denial-of-service attacks, or compromise virtualized systems.
The increased reliance on virtual machines, particularly on enterprise servers, has come with its own set of security problems, researchers and IT administrators have noted previously. Sunday, an analyst with the Internet Storm Center (ISC) extended that warning to desktop virtualization users, particularly security professionals.
"We make an extensive use of virtualization technologies for multiple purposes: malware analysis, incident response, forensics, security testing, training, etc., and we typically use the client versions of the products," said Raul Siles in a post to the ISC blog. "It is time to disable the shared folder capabilities."
注意了!VMware的致命BUG可導致「真正的」Windows被幹掉
喜歡用虛擬機來玩病毒的朋友注意了!VMware公司已經確認,該公司推出的虛擬機軟體存在著一個漏洞,可以使攻擊者脫離「客戶」操作系統,並在「主機」中修改和添加文件。截至到目前位置,尚無修正可以堵住這個漏洞!所有Windows版本,包括Workstation、Player、ACE都受此漏洞影響。而Windows servers、Mac、Linux版本暫時沒有發現這個問題。這個漏洞是有Core Security Technologies公司發現,VMWare表示「攻擊者可以利用此漏洞衝破客戶系統,從而控制主機」。
:o 說明了! 沒有絕對安全的系統
domino 2008-2-26 00:12
回復 2# 的帖子
VMware 漏洞 關hips 什麼事? 好像兩者無關係..此文章是在說明VMware安全性問題.
況且hips 也不能保證完全沒有漏洞..不然那些作者幹麻更新呢?
[[i] 本帖最後由 domino 於 2008-2-26 00:13 編輯 [/i]]
蛋頭 2008-2-26 00:19
我比較好奇大家HIPS的用法@@
大家是平常就是開啟,還是要徵測一些程式、病毒 才會去開啟HIPS?
如果平常就開啟,每開個程式就一直囉哩巴縮的詢問,點都點到煩死了
其實這VMware漏洞 也沒啥好訝異的,就跟現實世界的病毒一樣,任何專治的藥物、抗生素,用久了就會產生抗體。 (迷:好像扯太遠了...;ya: )
juijui 2008-2-26 01:37
不好意思是我先離題了...:sryy:
上面是我當時看完時的想法。
平常我測試病毒時,是開虛擬機加沙盤去測試的...
依照我使用的情況來說...若真被病毒突破沙盤跟虛擬機...;ya:
危害到實體主機...
我還有個HIPS可擋住...
jammin 2008-2-26 09:43
這個 bug 是在虛擬機和實體主機的共享資料夾。
只要不啟用 VMware 的 Shared Floders 功能就不會有事
ㄚ一 2008-2-26 10:46
VMware一般我也不用分享資料夾
只有在VBox上才這麼使用,還好我大部分使用VMware都是在Linux平台
marco 2008-2-26 11:51
還好我根本不知道VMware有Shared Floders ...:plzz:
tingin 2008-2-26 12:12
之前用vbox,有次在虛擬機中關閉系統,結果連實機也關閉了,不過當時已經很累,至今仍不知是否是自己誤操作...:L
ㄚ一 2008-2-29 01:41
Linux/MAC版確定不受此漏洞影響
[quote]SummaryOn Windows hosts, if you have configured a VMware host-to-guestshared folder, it is possible for a program running in the guest togain access to the host's complete file system and create or modifyexecutable files in sensitive locations.
Relevant ReleasesWindows hosted versions of:
[list][*]VMware Workstation 6.0.2 and earlier
[*]VMware Workstation 5.5.4 and earlier
[*]VMware Player 2.0.2 and earlier
[*]VMware Player 1.0.4 and earlier
[*]VMware ACE 2.0.2 and earlier
[*]VMware ACE 1.0.2 and earlier[/list]
[b]Note:[/b] The following VMware products are not affected:
[list][*]VMware Server is not affected because it does not use shared folders.
[*]No versions of ESX Server, including ESX Server 3i, are affectedby this vulnerability. Because ESX Server is based on a bare-metalhypervisor architecture, not a hosted architecture, it does not includeany shared folder abilities.
[*][color=Red]VMware Fusion and Linux-hosted VMware products are unaffected.[/color]
[/list]
[url]http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034[/url]
[/quote]
charles1394 2008-3-19 12:09
沒錯,不要使用Shared Folder!
看來VM和Virtual PC的Shared Folder存在同樣的問題啊(自己是用Virtual PC測試黑色炸彈的受害者:'( ,有使用Shared Folder)
還是自己用網路上的芳鄰分享資料夾,設成只讀取就好,較安全。:)