Re: Vm ware 0day dos exploit by n00b.

To: bugtraq@xxxxxxxxxxxxxxxxx, co296@xxxxxxx
Subject: Re: Vm ware 0day dos exploit by n00b.
From: Paul Szabo <psz@xxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2006 12:59:57 +1000
In-reply-to: <20060618130201.4692.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

co296@xxxxxxx wrote:

> ... in vmware user's .vmx file ... we change ...
> ide1:0.fileName = AAAAA... it will cause a d0s ...

I am confused: cannot you cause such a problem with any invalid filename?
Where is the attack, if you had to have write access to the user's file?
Can you have code execution (shellcode in that name, for VMware on UNIX
where bits of it run as root)?

Cheers,

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

References:
- Vm ware 0day dos exploit by n00b.
  - From: co296

Prev by Date: Janus Contact
Next by Date: Re: Vm ware 0day dos exploit by n00b.
Previous by thread: Vm ware 0day dos exploit by n00b.
Next by thread: Re: Vm ware 0day dos exploit by n00b.
Index(es):
- Date
- Thread