
Vulnerabilities in VMware’s Virtualization Software Pose Security Risks

VMware, the provider of virtualization software, has released updates that patch vulnerabilities which attackers could use to gain privileges to access an affected computer, overwrite files, cause a Denial-of-Service (DoS) condition, or run arbitrary code on a vulnerable PC, according to a US-CERT advisory.

The flaws found recently in components of VMware's virtual machine software highlight the security dangers for virtual machines running on a single system.

The security risks arise from three flaws in the DHCP server that comes with VMware, and users who have not updated their software could be attacked.

The DHCP application assigns IP addresses to the virtual machines operating within VMware. Unfortunately, as IBM researchers have discovered, it is possible to take control of a computer by exploiting the software, which could turn out to be dangerous for people running multiple applications on a single VMware box, said Tom Cross, a researcher with the Internet Security Systems team of IBM. Infoworld reported this on September 20, 2007. By taking advantage of this vulnerability, a person could gain total control of a computer active in the virtual setting, Cross said.

Virtualization software is the most recent undertaking in IT departments. Organizations regard this product as a means to lower datacenter costs. With VMware, a computer can act like a mini datacenter, running different virtual machines on the same server. The virtual machines nevertheless behave as if they were isolated from one another. They can run different operating systems, and if any one of the virtual machines crashes, it has no impact on the others.

Unfortunately, this setup can fail at one point that attackers can target: the VMware software itself. The DHCP vulnerabilities affect VMware's Player, ACE, the Windows OS, Workstation products operating on Linux, and Server, according to researchers at IBM.

McAfee has discovered another critical flaw in VMware's software, but it has been patched. With this flaw, one could execute unauthorized code on a virtual machine. But attackers could find it difficult to exploit, said David Marcus, communications manager and security researcher with McAfee's Avert Labs. Infoworld reported this on September 20, 2007.

» SPAMfighter News - 10/8/2007
