VMware Fixes Vulnerabilities
- By Joab Jackson
VMware has issued patches that will eliminate the vulnerabilities
found last month, according to an announcement
the company posted on some security news mailing lists today.
The vulnerability allowed users of some VMware products to escape virtualized
environments and enter the host systems with full privileges.
To patch the hole, the company has updated:
The vulnerability, called a path traversal, involves the manipulation of VMware
shared folders that are used to transfer data between the guest virtualized
system and the host system. A user in a virtual environment could type in a
path name that would provide entry into the host system, with full read and
The vulnerability does not affect ESX Server or Linux versions of the VMware
The patches cover CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362,
CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618,
CVE-2008-1364, CVE-2008-1363 and CVE-2008-1340, as categorized by the Common
Vulnerabilities and Exposures project.
Joab Jackson is the chief technology editor of Government Computing News (GCN.com).