Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical VMware Vulnerability, Exploit Released

Posted by kdawson on Thursday February 28, 2008 @07:41AM from the heads-up-incoming dept.

BaCa writes "Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software. It involves directory traversal using VMware's shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability."

2 of 104 comments (clear)

Min score:

Reason:

Sort:

Not the default on my copy of 6.0.2 by Anonymous Coward · 2008-02-28 07:54 · Score: -1, Redundant

You have to enable shared folders and actually set at least one folder to be shared to exploit.

On my copy of vmware there is a big exclamation that this could be risky. Creating a new VM has the feature disabled by default.
Duh? by Mesa+MIke · 2008-02-28 07:54 · Score: 0, Redundant

Isn't the purpose of "shared folders" to allow access to the host file system from the VM?