Message-ID: <276004ce0708240743x2264eddvb9e4b196b36d832c@mail.gmail.com>
Date: Fri, 24 Aug 2007 10:43:34 -0400
From: "Matt Richard" <matt.richard@...il.com>
To: "Arthur Corliss" <corliss@...italmages.com>,
	"M. Burnett" <mb@...o.net>, bugtraq@...urityfocus.com
Subject: Re: VMWare poor guest isolation design

On 8/23/07, Arthur Corliss <corliss@...italmages.com> wrote:
> On Wed, 22 Aug 2007, M. Burnett wrote:
>
> > I have run across a design issue in VMware's scripting automation API that
> > diminishes VM guest/host isolation in such a manner to facilitate privilege
> > escalation, spreading of malware, and compromise of guest operating systems.
> >
>
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
>
> In (not so) short, this attack vector is virtually worthless if reasonable
> security practices are employed.

There are other methods of compromising guests without any
requirements for APIs, GUIs, etc. -
http://www.mnin.org/write/2006_vmshell_injection.pdf.

-- 
Matt Richard
