Virtual-machine exploit lets attackers take over host

Matthew Broersma ZDNet.co.uk

Published: 09 Jun 2009 12:29 BST

Penetration-testing company Immunity has exploited a flaw in VMware software that allows malicious code running in a virtual machine to take over the host operating system.

Immunity included the attack code in an update to its commercial penetration-testing tool, Canvas 6.47, released on Tuesday last week. The attack code is in a module of the tool called Cloudburst.

Cloudburst uses a vulnerability in the virtual-machine display functions of VMware Workstation that can be exploited by a specially crafted video file. The malicious file, when executed within a virtual machine, could allow an intruder to take over the host operating system, according to security researchers.

The bug itself affects VMware Workstation 6.5.1 and earlier, or the associated Player versions. The software can be running on any host system, including Linux, according to VMware.

However, the Cloudburst exploit currently has certain limitations: it will only succeed on Workstation 6.5.0 or 6.5.1 or the associated Player versions. In addition, the guest and host must be Windows-based, among other requirements, Immunity said in its release notes.

The bug, which has been assigned the Common Vulnerabilities and Exposures (CVE) reference CVE-2009-1244, was disclosed in January, and VMware issued a patch in April. However, system administrators do not always keep their systems up to date with patches, Immunity said.

The bug is dangerous partly because it works with default VMware settings, according to security researchers. Secunia, a third-party security firm, gave the flaw a "highly critical" rating.

The flaw was discovered by Immunity researcher Kostya Kortchinsky, and Immunity published a video demonstrating its attack in April.

"The exploit is amazing," Immunity chief executive Dave Aitel said in a newslist post announcing the exploit video.

Two similar vulnerabilities came to light in 2007: a memory corruption vulnerability (CVE-2007-4496) and a bug in the Shared Folders implementation (CVE-2007-1744) that could allow a guest operating system to read or write files on the host system.

However, the first bug was not necessarily exploitable, while the second required a non-default configuration to be exploitable, security researchers said.
