downgrade.org » vulnerability http://downgrade.org The rantings and insight of an ethical hacker, coder and IT samurai. Mon, 05 Sep 2011 20:17:17 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 VM Escape http://downgrade.org/2009/04/15/vm-escape http://downgrade.org/2009/04/15/vm-escape#comments Wed, 15 Apr 2009 20:17:11 +0000 Bryan Murphy http://downgrade.org/?p=350 Whenever anyone speaks of virtual machine security the absolute worst case scenario is the dreaded “VM Escape”.  That is the ability of a malicious user to escape a virtual machines encapsulation and reach the host (or hypervisor).  This class of attack could potentially expose all other virtual machines running on this host.

In the VM world this type of vulnerability is an absolute worst case, but are very rare.

On April 10th CVE-2009-1244 was released stating that a number of VMWare products are vulnerable to VM escapes.

You should patch as soon as possible if you are running:

  • VMware Workstation 6.5.1 and earlier
  • VMware Player 2.5.1 and earlier
  • VMware ACE 2.5.1 and earlier
  • VMware Server 1.x before 1.0.9 build 156507
  • VMware Server 2.x before 2.0.1 build 156745
  • VMware Fusion before 2.0.4 build 159196
  • VMware ESXi 3.5
  • VMware ESX 3.0.2, 3.0.3, and 3.5

Per the CVE this vulnerability:

allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.

This also validates why all of the best practice documents recommend that VMs of different sensitivity levels be run on physically separate hosts and/or clusters.

SANs Internet Storm Center reports that an exploit is available ‘in the wild’ for a fee.  They also provide a link to the following video of someone allegedly leveraging this exploit.

]]> http://downgrade.org/2009/04/15/vm-escape/feed 0