薄荷 2008-2-28 02:15 PM
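New VMware vulnerability
Reposted from a Core Security report dated February 25, 2008. You can search for the full report yourself. The following conditions must be met for the vulnerability to be triggered:
Shared folders are enabled (enabled by default) and at least one directory on the host is configured as shared.
This vulnerability is very similar to one disclosed in VMware last year (in fact, Core Security's engineers discovered this new one while investigating last year's vulnerability).
Four options are given:
1. Disable shared folders
2. Enable shared folders, but set them to read-only
3. Enable them without read-only, and protect the shared directories on the host with special security mechanisms
4. Wait for a version update
Option 3 probably means using HIPS software on the host; for option 4, there is no official update yet. The affected versions are VMware, Player, and ACE 6.02 and earlier.
Actually, after last year's vulnerability came out, I stopped using the shared folder feature in any virtual machine, whether VMware, VPC or Parallels. Since VMware makes it configurable, I even disable drag-and-drop and cut/paste content sharing......
I hope forum members who use virtual machines will temporarily turn off shared folders or set them to read-only. Actually, to exchange files with a virtual machine, for VMware you can use the VM MOUNT tool (shipped with the installer since version 6; for earlier versions it is a free official download), and for VPC and Parallels you can use VS's MOUNT tool (choose custom installation and install the disk image tool separately), exchanging files by mounting the disk file as a virtual partition......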
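One way to check options 1 and 2 above across a set of virtual machines, as an added example that is not part of the original post or of VMware's own tooling: it parses .vmx text and classifies each shared folder. The `sharedFolderN.*` and `isolation.tools.hgfs.disable` key names are the ones commonly seen in Workstation .vmx files and are an assumption here; the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content; key names are assumed, not taken from the post.
SAMPLE_VMX = r'''
isolation.tools.hgfs.disable = "FALSE"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\share\rw"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "C:\share\ro"
'''

LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # comment and blank lines do not match the pattern
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_shared_folders(text):
    """List (host path, state); state is 'writable', 'read-only' or 'disabled'."""
    cfg = parse_vmx(text)
    is_true = lambda k: cfg.get(k, "").upper() == "TRUE"
    hgfs_off = is_true("isolation.tools.hgfs.disable")  # option 1: feature off
    indexes = sorted({int(n) for k in cfg
                      for n in re.findall(r"^sharedfolder(\d+)\.", k)})
    findings = []
    for i in indexes:
        p = f"sharedfolder{i}."
        if hgfs_off or not (is_true(p + "present") and is_true(p + "enabled")):
            state = "disabled"
        elif is_true(p + "writeaccess"):
            state = "writable"    # neither option 1 nor option 2 applied
        else:
            state = "read-only"   # option 2
        findings.append((cfg.get(p + "hostpath", "?"), state))
    return findings

if __name__ == "__main__":
    for path, state in audit_shared_folders(SAMPLE_VMX):
        print(f"{state:10} {path}")
```

Any folder reported as `writable` is one that still meets the trigger condition described in the post.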
森林古猿 2008-2-28 03:53 PM
Oh~~ thanks for the heads-up~~
But I'm not too worried about this, because the software I test in VMware is generally pretty healthy....
薄荷派 2008-2-28 10:48 PM
[quote]Originally posted by [i]森林古猿[/i] at 2008-2-28 15:53
Oh~~ thanks for the heads-up~~
But I'm not too worried about this, because the software I test in VMware is generally pretty healthy.... [/quote]
The vulnerability can be exploited by constructing a specific network address......
森林古猿 2008-2-29 12:18 AM
[quote]Originally posted by [i]薄荷派[/i] at 2008-2-28 22:48
The vulnerability can be exploited by constructing a specific network address...... [/quote]
Uh.... does that mean that if the guest operating system in VMware is connected to the Internet, a hacker could break into the host system over the Internet by way of the guest operating system?
If that's the case, I'm still not too worried, because my guest systems are offline most of the time....
晚期猿人 2008-3-16 05:18 PM
6.0.3 has already fixed this bug....
[quote]
[b]New in Version 6.0.3[/b]
Workstation 6.0.3 adds full support for the following operating systems:
[list][*]32-bit and 64-bit Ubuntu Linux 7.10 as host and guest operating systems[*]32-bit and 64-bit Red Hat Enterprise Linux 4.6 as host and guest operating systems[*]32-bit and 64-bit Asianux Server 3 as a guest operating system[*]32-bit and 64-bit Turbolinux 10 Server as a guest operating system[/list]
[b]Note:[/b] The Eclipse Integrated Virtual Debugger is not yet supported on Ubuntu Linux 7.10 and Red Hat Enterprise Linux 4.6 hosts.
[b]
Workstation 6.0.3 addresses the following security issues:[/b]
[list][*][color=red]On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360)[/color][*]An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. (Foundstone CODE-BUG-H-001) In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing. (bug 193049)[*]This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. (bug 224453)[*]This release updates the OpenSSL library to address various vulnerabilities to denial-of-service attacks and buffer overflows. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2006-2940, CVE-2006-2937, CVE-2006-4343. (bug 216493)[*]Workstation 6.0.2 allowed anonymous console access to the guest by means of the VIX API. This release, Workstation 6.0.3, disables this feature. This means that the Eclipse Integrated Virtual Debugger and the Visual Studio Integrated Virtual Debugger will now prompt for user account credentials to access a guest. (bug 187785)[/list]
Workstation 6.0.3 is also a maintenance bug fix release to improve VMware Workstation 6.0.2. See [url=http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#bugfix]Fixed Bugs[/url] for information about additional bug fixes.[/quote]
[[i] Last edited by 晚期猿人 at 2008-3-16 05:25 PM [/i]]