Last month we announced a critical VMware vulnerability where it was possible for a program running in a guest virtual machine to gain access to the host's complete file system and create or modify executable files in sensitive locations (that is, a true escape). The problem was due to a directory traversal vulnerability on the VMware share folder capabilities on Windows.

VMware has announced a new security advisory that includes a set of updates for VMware Workstation, Player, Server, ACE, and Fusion (VMSA-2008-0005), resolving this vulnerability plus a few other relevant security issues:

• a.  Host to guest shared folder (HGFS) traversal vulnerability (CVE-2008-0923)
• b. Insecure named pipes (CVE-2008-1361, CVE-2008-1362)
• c.  Updated libpng library to version 1.2.22 to address various security vulnerabilities (CVE-2007-5269)
• d.  Updated OpenSSL library to address various security vulnerabilities (CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339)
• e.  VIX API default setting changed to a more secure default value
• f.  Windows 2000 based hosted products privilege escalation vulnerability (CVE-2007-5618)
• g.  DHCP denial of service vulnerability (CVE-2008-1364)
• h.  Local Privilege Escalation on Windows based platforms by Hijacking VMware VMX configuration file (CVE-2008-1363)
• i.  Virtual Machine Communication Interface (VMCI) memory corruption resulting in denial of service (CVE-2008-1340)

 The latest versions are:

• VMware Workstation 6.0.3
• VMware Workstation 5.5.6
• VMware Player 2.0.3
• VMware Player 1.0.6
• VMware ACE 2.0.3
• VMware ACE 1.0.5
• VMware Server 1.0.5
• VMware Fusion 1.1.1

 Update as soon as possible!

--
Raul Siles
www.raulsiles.com