Thursday, December 22, 2005

Remote Heap Overflow in VMware Products

Thanks to a heads-up from "yomama" in the #snort channel, I learned of this advisory from Tim Shelton:

"A vulnerability was identified in VMware Workstation (And others) vmnat.exe, which could be exploited by remote attackers to execute arbitrary commands.

This vulnerability allows the escape from a VMware Virtual Machine into userland space and compromising the host.

'Vmnat' is unable to process specially crafted 'EPRT' and 'PORT' FTP Requests."

This implies that someone who connects to an FTP server using traffic that is processed by vmnat.exe can exploit vmnat.exe.

As a VMware Workstation user, I am glad to see they have published a new version to address the vulnerability.
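For anyone watching FTP control traffic that crosses a NAT helper, here is a strict syntax check for the two commands the advisory names. It is an added example, not code from the advisory or from this post. The advisory does not describe the crafted input, so the check only flags PORT and EPRT lines that deviate from RFC 959 and RFC 2428 syntax; the function names, the sample lines and the 128-byte length ceiling are assumptions.

```python
import ipaddress
import re

# RFC 959 PORT argument: six decimal fields h1,h2,h3,h4,p1,p2, each 0-255.
PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.ASCII)
MAX_CMD_LEN = 128  # assumed ceiling; a valid PORT or EPRT line is far shorter

def check_ftp_active_cmd(line):
    """Return None if a PORT/EPRT line is well formed, else a reason string."""
    line = line.rstrip("\r\n")
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb not in ("PORT", "EPRT"):
        return None  # other FTP commands are out of scope here
    if len(line) > MAX_CMD_LEN:
        return "command line too long"
    if verb == "PORT":
        m = PORT_RE.match(arg)
        if not m:
            return "PORT argument is not h1,h2,h3,h4,p1,p2"
        if any(int(f) > 255 for f in m.groups()):
            return "PORT field above 255"
        return None
    # RFC 2428 EPRT argument: <d>proto<d>addr<d>port<d>, delimiter usually '|'.
    if len(arg) < 2 or arg[0] != arg[-1] or not (33 <= ord(arg[0]) <= 126):
        return "EPRT delimiters missing or mismatched"
    parts = arg[1:-1].split(arg[0])
    if len(parts) != 3:
        return "EPRT needs exactly three fields"
    proto, addr, port = parts
    if proto not in ("1", "2"):
        return "EPRT protocol is not 1 (IPv4) or 2 (IPv6)"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "EPRT address does not parse"
    if ip.version != (4 if proto == "1" else 6):
        return "EPRT address family does not match protocol"
    if not (port.isascii() and port.isdigit() and len(port) <= 5 and 0 < int(port) <= 65535):
        return "EPRT port out of range"
    return None

# Constructed sample client commands, not taken from the advisory.
SAMPLES = ["PORT 192,168,1,10,19,137", "EPRT |1|192.168.1.10|5001|",
           "PORT 192,168,1,10,19", "EPRT |1|" + "9" * 200 + "|5001|",
           "EPRT |2|192.168.1.10|5001|", "USER anonymous"]

def scan(lines):
    return [(l[:40], r) for l in lines if (r := check_ftp_active_cmd(l))]
```

Calling `scan(SAMPLES)` returns the three constructed lines that fail the syntax check, each paired with the reason it was flagged.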

2 comments:

Anonymous said...

Thanks for the heads up!

Richard Bejtlich said...

Alessandro Perilli saw this post and created one at his blog with more info here.