Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
Vulnerable Systems:
* VMware Workstation version 5.5.4
When a VMware guest operating system has the VMware Tools package installed, the hgfs.sys driver is loaded on the machine. This driver allows any user to open the device "\\.\hgfs" and issue IOCTLs with a buffering mode of METHOD_NEITHER. This allows untrusted user mode code to pass kernel addresses as arguments to the driver.
With specially constructed input, a malicious user can use functionality within the driver to patch kernel addresses and execute arbitrary code in kernel mode.
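A model of the pointer validation a METHOD_NEITHER handler has to perform, as an added example (not code from iDefense or VMware). The control code is constructed for illustration and is not one of the hgfs.sys IOCTLs; the function names and the `USER_LIMIT` boundary for a 32-bit guest are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code layout:
 * DeviceType[31:16] | RequiredAccess[15:14] | Function[13:2] | Method[1:0] */
#define MAKE_CTL(dev, fn, method, access) \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))
#define CTL_METHOD(code) ((code) & 0x3u)
#define CTL_ACCESS(code) (((code) >> 14) & 0x3u)
#define M_NEITHER 3u /* METHOD_NEITHER  */
#define A_ANY     0u /* FILE_ANY_ACCESS */

/* Assumption: top of user address space in a 32-bit guest (illustrative). */
#define USER_LIMIT 0x7FFF0000u

/* METHOD_NEITHER: the driver receives the caller's pointers untouched. */
bool passes_raw_pointers(uint32_t code) { return CTL_METHOD(code) == M_NEITHER; }
/* FILE_ANY_ACCESS: any handle to the device may send this code. */
bool open_to_any_handle(uint32_t code) { return CTL_ACCESS(code) == A_ANY; }

/* Range check only: [addr, addr+len) must lie below USER_LIMIT and must not
 * wrap. A real handler also needs exception handling and must copy the data
 * into kernel memory before acting on it. */
bool user_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0) return true;            /* nothing is dereferenced */
    uint32_t end = addr + len;
    if (end < addr) return false;         /* 32-bit wrap-around */
    return end <= USER_LIMIT;
}

/* Gate for one request: raw-pointer codes must pass the range check on both
 * buffers; for other methods the I/O manager supplies kernel-owned buffers. */
bool request_ok(uint32_t code, uint32_t in, uint32_t in_len,
                uint32_t out, uint32_t out_len) {
    if (!passes_raw_pointers(code)) return true;
    return user_range_ok(in, in_len) && user_range_ok(out, out_len);
}

int main(void) {
    uint32_t code = MAKE_CTL(0x8000, 0x800, M_NEITHER, A_ANY); /* constructed */
    printf("code=0x%08X raw=%d any=%d\n", (unsigned)code,
           passes_raw_pointers(code), open_to_any_handle(code));
    printf("user buffers ok=%d, kernel output pointer ok=%d\n",
           request_ok(code, 0x00400000u, 16, 0x00410000u, 16),
           request_ok(code, 0x00400000u, 16, 0x80500000u, 4));
    return 0;
}
```

In a Windows driver the range check corresponds to calling `ProbeForRead` and `ProbeForWrite` inside a structured exception handler before touching the buffers.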
Analysis:
Exploitation of this vulnerability allows an unprivileged local user to patch and execute arbitrary code within the kernel of a Windows guest operating system. In order to exploit the vulnerability, an attacker needs to be able to log in to the target VMware guest virtual machine and execute a specially crafted executable.
Workaround:
Removing VMware Tools from affected guest systems will prevent exploitation of this issue. However, doing so will also reduce performance and affect the usability of that virtual machine.
Vendor response:
VMware has addressed this vulnerability by releasing new versions of their affected products. In order to address affected guest operating systems, VMware Tools must be upgraded within the guest. For more information, consult VMware's advisory at the following URL.
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
CVE Information:
CVE-2007-5671
Disclosure timeline:
09/19/2007 - Initial vendor notification
09/19/2007 - Initial vendor response
06/04/2008 - Coordinated public disclosure