----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.

Download and test it today:
https://psi.secunia.com/

Read more about this new version:
https://psi.secunia.com/?page=changelog

----------------------------------------------------------------------

TITLE:
VMware Products Shared Folders Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA29117

VERIFY ADVISORY:
http://secunia.com/advisories/29117/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
VMware Workstation 5.x
http://secunia.com/product/5080/

VMware Workstation 6.x
http://secunia.com/product/14321/

VMware Player 1.x
http://secunia.com/product/6594/

VMware Player 2.x
http://secunia.com/product/15771/

VMware ACE 1.x
http://secunia.com/product/6593/

VMware ACE 2.x
http://secunia.com/product/15772/

DESCRIPTION:
Gerardo Richarte has reported a vulnerability in VMware products,
which can be exploited by malicious, local users or malicious
applications to bypass certain security restrictions.

The vulnerability is caused due to an input validation error when
handling pathnames within a shared folder in a guest OS. This can be
exploited to e.g. read or write arbitrary files on the host OS via
directory traversal attacks.

This is reportedly related to #5 in:
SA25079

Successful exploitation requires that the shared folders feature is
enabled with at least one folder configured for sharing between host
and guest.

The vulnerability affects the following products and versions on
Windows:
* VMware Workstation 6.0.2 and earlier
* VMware Workstation 5.5.4 and earlier
* VMware Player 2.0.2 and earlier
* VMware Player 1.0.4 and earlier
* VMware ACE 2.0.2 and earlier
* VMware ACE 1.0.2 and earlier

SOLUTION:
The vendor recommends disabling the shared folders feature until a
patch is available. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY:
Gerardo Richarte, Core Security Technologies.

ORIGINAL ADVISORY:
VMware:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034

CORE-2007-0930 (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html

OTHER REFERENCES:
SA25079:
http://secunia.com/advisories/25079/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------
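The DESCRIPTION section attributes the issue to an input validation error on guest-supplied pathnames inside a shared folder. The following is an added illustration of that class of defect and its fix; it is not VMware's code and has nothing to do with how VMware's shared-folder implementation actually works. It assumes a hypothetical host-side service that receives a relative pathname from the guest and must map it onto a Windows shared-folder root: `naive_host_path` shows where plain string concatenation ends up once the host normalises the path, and `resolve_shared_path` is a hardened mapping that rejects parent references, absolute paths and drive/stream syntax before joining, then re-checks containment. Root and pathnames in the demonstration are constructed sample values.

```python
"""Confining guest-supplied pathnames to a shared-folder root.

Added example (not VMware code). Uses only pure-path operations so it runs
identically on any host OS; the Windows path rules are modelled with
pathlib.PureWindowsPath and ntpath because the advisory concerns Windows
hosts.
"""
import ntpath
from pathlib import PureWindowsPath


class TraversalError(ValueError):
    """Raised when a guest pathname would leave the shared-folder root."""


def naive_host_path(shared_root: str, guest_path: str) -> str:
    """The defective pattern: glue the guest string onto the root.

    ntpath.normpath stands in for what the host filesystem does with '..'
    when the path is finally opened; it shows the join escaping the root.
    """
    return ntpath.normpath(shared_root.rstrip("\\") + "\\" + guest_path)


def resolve_shared_path(shared_root: str, guest_path: str) -> str:
    """Map an untrusted relative guest pathname onto shared_root.

    Accepts '/' and '\\' as separators (a Windows guest sends backslashes),
    drops empty and '.' components, and rejects anything that could resolve
    outside the root. Returns the host path as a string or raises
    TraversalError.
    """
    root = PureWindowsPath(shared_root)

    # An absolute or UNC-style path is never a valid shared-folder request.
    if guest_path.startswith(("/", "\\")):
        raise TraversalError(f"absolute path rejected: {guest_path!r}")

    clean = []
    for comp in guest_path.replace("\\", "/").split("/"):
        if comp in ("", "."):
            continue                      # '//' and './' add nothing
        if comp == "..":
            # Reject outright rather than trying to 'balance' parent
            # references; a shared folder never needs them.
            raise TraversalError(f"parent reference rejected: {guest_path!r}")
        if ":" in comp:
            # 'D:evil' would reset the drive when joined; 'file:stream'
            # names an alternate data stream. Neither belongs here.
            raise TraversalError(f"drive/stream syntax rejected: {guest_path!r}")
        clean.append(comp)

    host = root.joinpath(*clean)

    # Belt and braces: the joined result must still sit under the root.
    # PureWindowsPath compares case-insensitively, matching the host.
    if host != root and root not in host.parents:
        raise TraversalError(f"resolved outside root: {host}")

    # Caveat: this is a lexical check only. A real host service must still
    # open the final path in a way that follows no junction or symlink out
    # of the root (e.g. canonicalise after open and compare again).
    return str(host)


def is_confined(shared_root: str, guest_path: str) -> bool:
    """True if resolve_shared_path accepts the guest pathname."""
    try:
        resolve_shared_path(shared_root, guest_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    ROOT = r"C:\Shared"
    for p in ["docs/report.txt", r".\docs\\notes.txt", r"..\outside.txt",
              r"\abs\path.txt", "D:evil", "file.txt:stream"]:
        print(f"{p!r:28} naive -> {naive_host_path(ROOT, p):32} "
              f"confined={is_confined(ROOT, p)}")
```

The contrast worth noting is the last column: the naive join happily produces a path one level above the root for `..\outside.txt`, while the hardened function refuses it before any filesystem call is made. The lexical check is deliberately strict (no `..` at all, no colons) because a shared folder has no legitimate use for those forms, and strictness costs nothing here.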