VMware Patches Virtualization Flaws

Published: 22/11/2024   Category: security




Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment.



VMware last week issued a security bulletin warning that many of its products have two bugs that could be exploited by attackers to cause a denial of service or even take control of a virtual environment.
To patch the vulnerabilities, VMware released new versions of affected software, which includes VMware Workstation 8.0.4 and later, Player 4.0.4 and later, Fusion 4.x (but not the Mac version), as well as all versions of ESXi and ESX.
"The advisory covers pretty much all of VMware's virtualization platforms," said Johannes Ullrich, chief research officer at SANS Institute, in a blog post. "I would not consider either one of these as super critical, but in particular the first issue should be patched soon."
The first of the two flaws would allow an attacker to pass a malicious virtual machine to a virtualized VMware environment. "Input data is not properly validated when loading Checkpoint files," VMware explained. "This may allow an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host." While there's no workaround for the vulnerability, VMware said that importing virtual machines only from trusted sources would prevent the flaw from being exploited.
The second vulnerability, meanwhile, relates to traffic from remote virtual devices--meaning any device, such as a keyboard or CD-ROM drive, which is available to the virtual machine--being handled incorrectly. "This may allow an attacker who is capable of manipulating the traffic from a remote virtual device to crash the virtual machine," noted VMware. While the company detailed no workarounds for the vulnerability, it did note that for this attack to be successful, the attacker would need administrative privileges on the virtual machine in order to attach remote devices. Accordingly, it recommended that administrators never attach to a virtual machine a remote device that they don't trust.
VMware's security warning and related patch for its virtualization software followed last week's security alert from virtualization rival Xen that a vulnerability in its hypervisor software running on 64-bit Intel CPUs could be exploited by attackers to escape from a guest account and assume control of a hypervisor.
In other bug-related news, security experts are warning that an exploit module for an unpatched Microsoft vulnerability has been added to the free, open source Metasploit penetration testing tool. Microsoft Tuesday warned that the zero-day vulnerability in Microsoft XML (MSXML) Core Services was already being actively exploited in the wild. The bug allows attackers to execute arbitrary code on a compromised PC. According to news reports, the attack had already been used to compromise multiple Gmail accounts, leading Google to warn affected users that "state-sponsored attackers may be attempting to compromise your account or computer."
Finally, Qualys Friday began warning that the popular open source Web application firewall ModSecurity version 2.6.5 and ModSecurity Core Rule Set version 2.2.4--and likely also earlier versions of both--were vulnerable to a bypass attack.
Ivan Ristic, director of engineering at Qualys, wrote in a blog post, "We uncovered a flaw in ModSecurity that may lead to complete bypass of the installed rules, in the cases when ModSecurity is deployed to protect the backends where impedance mismatch is not mitigated." Likewise, a flaw in the ModSecurity Core Rule Set would allow an attacker to bypass the firewall's content type attacks, again owing to an impedance mismatch, he said.
"Impedance mismatch" refers to the firewall interpreting traffic in one way, but a backend application interpreting it differently. "When an impedance mismatch issue exists, the [Web application firewall] may be vulnerable to evasion attacks," Ristic said.
Trustwave, which is the primary custodian for ModSecurity, Friday released ModSecurity 2.6.6 and Core Rule Set 2.2.5 to patch the bugs.
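The impedance mismatch described above can be checked for mechanically: if two components could read the same request differently, the inspecting layer should refuse it rather than guess. The following is an added example, not code from ModSecurity, Qualys or the original article, and it does not reproduce the patched flaws; it assumes repeated query parameters as the point of disagreement, and the policy names and functions are hypothetical.

```python
from urllib.parse import parse_qsl

# Three common ways a component may resolve a repeated parameter name.
# These policies are illustrative assumptions, not any product's behaviour.
POLICIES = {
    "first": lambda values: values[0],
    "last": lambda values: values[-1],
    "joined": lambda values: ",".join(values),
}

def collect(query):
    """Group percent-decoded values by parameter name, preserving order."""
    grouped = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        grouped.setdefault(name, []).append(value)
    return grouped

def interpretations(query):
    """Return what each policy believes the request's parameters are."""
    grouped = collect(query)
    return {
        policy: {name: pick(values) for name, values in grouped.items()}
        for policy, pick in POLICIES.items()
    }

def ambiguous_params(query):
    """Names on which at least two policies disagree about the value."""
    views = interpretations(query)
    return sorted(
        name for name in collect(query)
        if len({view[name] for view in views.values()}) > 1
    )

def gate(query):
    """Forward only requests every policy reads identically."""
    return "reject" if ambiguous_params(query) else "forward"

if __name__ == "__main__":
    # Constructed sample query strings.
    for sample in ("id=1&name=a", "id=1&name=a&id=2"):
        print(sample, gate(sample), ambiguous_params(sample))
```

Rejecting ambiguous input at the inspection layer removes the disagreement instead of trying to predict which reading the backend will choose.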
