Re: VMWare poor guest isolation design

To: "Arthur Corliss" <corliss@xxxxxxxxxxxxxxxx>, "M. Burnett" <mb@xxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: VMWare poor guest isolation design
From: "Matt Richard" <matt.richard@xxxxxxxxx>
Date: Fri, 24 Aug 2007 10:43:34 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mhf64xlPzk7IiyWm28CPtlET2EsZ8QHC0rp8iojrI3mr10zVdT5G42lDt86OnNQIj6CJmZYpilgl9FvVxYnY+N6t+mBiX0ZcB1UPiU/T1m55OTau1YUevJFH8mptqhogYD9juadRdibwpYoUhQLQZMvXCD8YsLmLKmEw7W8IVxI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iKzF60yW+CN2fogxfNQaIYmmLCeYtg3skjHDx8udcoHyNTuC2sXu35LUfYZR4NkOtd2ICfh2JQqyfE1LPBFeKH/wIN+dLfx/Xkn+xiY7z2kPZWx0QPsH9uYEpOxnmZ8BhrfCM5nGF0LbM3dbNjYo0d0VvM+4hb9QS+oKvnGosa8=
In-reply-to: <Pine.LNX.4.64.0708230834211.13100@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <008001c7e534$e4b84490$ae28cdb0$@net> <Pine.LNX.4.64.0708230834211.13100@xxxxxxxxxxxxxxxxxxxxxxxx>

On 8/23/07, Arthur Corliss <corliss@xxxxxxxxxxxxxxxx> wrote:
> On Wed, 22 Aug 2007, M. Burnett wrote:
>
> > I have run across a design issue in VMware's scripting automation API that
> > diminishes VM guest/host isolation in such a manner to facilitate privilege
> > escalation, spreading of malware, and compromise of guest operating systems.
> >
>
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
>
> In (not so) short, this attack vector is virtually worthless if reasonable
> security practices are employed.

There are other methods of compromising guests without any
requirements for API's, GUI's, etc -
http://www.mnin.org/write/2006_vmshell_injection.pdf.

-- 
Matt Richard

Follow-Ups:
- Re: VMWare poor guest isolation design
  - From: Arthur Corliss

References:
- VMWare poor guest isolation design
  - From: M. Burnett
- Re: VMWare poor guest isolation design
  - From: Arthur Corliss

Prev by Date: Re: VMWare poor guest isolation design
Next by Date: Re: VMWare poor guest isolation design
Previous by thread: Re: More on VMWare poor guest isolation design
Next by thread: Re: VMWare poor guest isolation design
Index(es):
- Date
- Thread