VMware fixes vulnerabilities
- By Joab Jackson
- Mar 18, 2008
VMware has issued patches that will eliminate the vulnerabilities
found last month, according to an announcement
the company posted on some security news mailing lists today. The vulnerability allowed users of some VMware products to escape virtualized environments and enter the host systems with full privileges.
To patch the hole, the company has updated:
The vulnerability, called a path traversal, involves the manipulation of VMware shared folders that are used to transfer data between the guest virtualized system and the host system. A user in a virtual environment could type in a path name that would provide entry into the host system, with full read and write privileges.
The vulnerability does not affect ESX Server or Linux versions of the VMware software.
The patches cover CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363 and CVE-2008-1340, as categorized by the Common Vulnerabilities and Exposures project.
Joab Jackson is the senior technology editor for Government Computer News.