February 25, 2008

VMware shared folder vulnerability

Here we are again. Core just published an advisory about a directory traversal vulnerability in VMware's implementation of shared folders. That is, users from the Guests can read and write ANY directory in the file system of the Host.

I've blogged a lot in the past about the importance of patching and here we are again.

The infrastructure is gone, you can't have security if you don't patch the second you can, not a moment later.
And I remember somebody telling the story that the hypervisor and the infrastructure around it were so simple it's almost impossible they could have security bugs...