Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues

ID VMSA-2008-0008
Type vmware
Reporter VMware
Modified 2008-05-30T00:00:00


a. VMware HGFS File System Heap Overflow
The VMware Host Guest File System (HGFS) shared folders feature allows users to transfer data between a guest operating system and the non-virtualized host operating system that contains it.

A heap buffer overflow condition is present in VMware HGFS. Exploitation of this flaw might allow an unprivileged guest process to execute code in the context of the vmx process on the host.

In order to exploit this vulnerability, the VMware system must have at least one folder shared. Two things must happen for a folder to be shared: 1) shared folders must be enabled, and 2) a folder on the host system must be selected for sharing. No folders are shared by default in any version of our products, which means this vulnerability is not exploitable by default. Workstation 6.x, Player 2.x, and ACE 2.x have shared folders disabled by default.
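
An added example (not part of the VMware advisory): a Python audit that checks a virtual machine's .vmx configuration for the two conditions above, so affected hosts can be prioritized for patching. The key names `isolation.tools.hgfs.disable`, `sharedFolderN.present`, `sharedFolderN.enabled` and `sharedFolderN.hostPath`, and the way they are interpreted here, are assumptions about the .vmx format and do not come from the advisory; the sample configuration is constructed.

```python
import re

# Constructed sample .vmx fragments (not from the advisory).
VMX_SHARED = '''\
displayName = "build-vm"
isolation.tools.hgfs.disable = "FALSE"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/alice/exchange"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "/srv/old"
'''
VMX_LOCKED = VMX_SHARED.replace('hgfs.disable = "FALSE"', 'hgfs.disable = "TRUE"')

_ENTRY = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
_PRESENT = re.compile(r'sharedfolder(\d+)\.present')

def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased (assumed case-insensitive)."""
    cfg = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").strip().upper() == "TRUE"

def exposed_shares(text):
    """Return [(index, hostPath)] for folders that satisfy both advisory
    conditions: the feature is not disabled and a folder is selected/enabled."""
    cfg = parse_vmx(text)
    if is_true(cfg, "isolation.tools.hgfs.disable"):  # assumed global off switch
        return []
    shares = []
    for key in cfg:
        m = _PRESENT.fullmatch(key)
        if m and is_true(cfg, key) and is_true(cfg, f"sharedfolder{m.group(1)}.enabled"):
            shares.append((int(m.group(1)), cfg.get(f"sharedfolder{m.group(1)}.hostpath", "")))
    return sorted(shares)

if __name__ == "__main__":
    for name, text in (("shared", VMX_SHARED), ("locked", VMX_LOCKED)):
        print(name, exposed_shares(text) or "no shared folders exposed")
```

An empty result means the precondition for this issue is not met for that virtual machine; the fixed builds listed in the table below should still be applied.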

VMware Server, ESX and ESXi do not provide the shared folders feature. Because there is no back-end for the HGFS protocol on the virtualization host, these products are architecturally immune to this issue.

This issue might not be exploitable on host operating systems which have implemented heap protection.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2098 to this issue.

VMware        Product   Running   Replace with/
Product       Version   on        Apply Patch
============  ========  ========  ==========================
Workstation   6.x       Windows   6.0.4 build 93057
Workstation   6.x       Linux     6.0.4 build 93057
Workstation   5.x       Windows   not affected
Workstation   5.x       Linux     not affected

Player        2.x       Windows   2.0.4 build 93057
Player        2.x       Linux     2.0.4 build 93057
Player        1.x       Windows   not affected
Player        1.x       Linux     not affected

ACE           2.x       Windows   2.0.4 build 93057
ACE           1.x       Windows   not affected

Server        1.x       Windows   not affected
Server        1.x       Linux     not affected

Fusion        1.x       Mac OS/X  1.1.2 build 87978 or later