VMware Workstation Shared Folders Directory Traversal Vulnerability
BID:23721
Info
| Bugtraq ID: | 23721 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1744 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 30 2007 12:00AM |
| Updated: | May 08 2007 05:29PM |
| Credit: | Greg MacManus of iDefense Labs is credited with the discovery of this issue. |
| Vulnerable: | VMWare Workstation for Linux 0; VMWare Workstation 5.5.3 build 34685; VMWare Workstation 5.5.1 Build 19175; VMWare Workstation 5.5.1; VMWare Workstation 5.0 .0 build-13124; VMWare Workstation 4.5.2; VMWare Workstation 4.5.2; VMWare Workstation 4.0.2; VMWare Workstation 4.0.1; VMWare Workstation 4.0; VMWare Workstation 3.4; VMWare Workstation 3.2.1 patch 1; VMWare Workstation 5.5.4 Build 44386; VMWare Server for Linux 0; VMWare Server 1.0.2; VMWare Server RC-1; VMWare Server Beta; VMWare Player for Linux 0; VMWare Player 1.0.3; VMWare Player 1.0.2; VMWare Player 1.0.1 Build 19317; VMWare Player; VMWare ACE 1.0.2 Build 19206; VMWare ACE 1.0 |
| Not Vulnerable: | VMWare Workstation 5.5.4 build 44386; VMWare Server 1.0.3; VMWare Player 1.0.4; VMWare ACE 1.0.3 |
Discussion
VMware Workstation is prone to a directory-traversal vulnerability because it fails to properly sanitize input.
An attacker with access to a virtual guest operating system can exploit this issue by traversing a shared directory to manipulate arbitrary files on the host operating system in the context of the user running the application.
Successful attacks could result in the compromise of the affected host operating system. Other attacks are possible.
VMware Workstation 5.5.3 build 34685 on Windows XP SP2 is vulnerable. Other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must have access to a guest operating system on a vulnerable host and must issue commands via the affected application's Backdoor IO Protocol.
An attacker could use publicly available information to reverse-engineer the IO protocol used for communication between a guest and the host.
Solution / Fix
Solution:
The vendor has released updates to address this issue. Please contact the vendor for information on how to obtain and install the appropriate updates.
References
References:
- VMware Homepage (VMware)
- VMware Workstation Shared Folders Directory Traversal Vulnerability (iDefense Labs)
- Notes on VMware Workstation 5.5.4, Build 44386 (VMware)