VMware vulnerability allows users to escape virtual environment

A new vulnerability found in some VMware products allows users to escape their virtual environments and muck about in the host operating system, penetration testing software firm Core Security Technologies announced earlier this week.

This vulnerability (CVE Name: CVE-2008-0923) could poise significant risks to enterprise users who are deploying VMware software as a secured environment.

'What's most relevant about this vulnerability is it demonstrates how virtual environments can provide an open door to the underlying infrastructures that host them,' said Iv'n Arce, chief technology officer at Core Security, in a statement. 'Organizations often adopt virtualization technologies with the assumption that the isolation between the host and guest systems will improve their security posture. This vulnerability provides an important wake-up call to security-concerned IT practitioners. It signals that virtualization is not immune to security flaws.'

The vulnerability, called a path traversal, involves the manipulation of VMware shared folders that are used to transfer data between the guest virtualized system and the host system. A user in a virtual environment could type in a path name that would provide entry into the host system, with full read and write privileges.

According to Core researchers, the VMware software does not adequately check the user input of the path names, allowing malicious parties to enter the commonly used '..' substring to access parent folders and thereby escape folder access restrictions.

The Shared Folders feature must be enabled in order for the vulnerability to work, though, as Core Security points out, this is the default setting for VMware products. The company provides sample exploitation code on its site.

Older versions of VMware Workstation, VMware Player and VMware Ace all have this vulnerability. Versions of VMware ESX, VMware Server and VMware Fusion are not affected. Linux VMware products are not affected.

Core Security said VMware was first advised of this vulnerability last October. The company indicated it would fix the problem by December, but has not done so.

VMware currently recommends disabling the shared folders feature. Core Security advises that if shared folders must be used, enable them as read-only on the host system.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.