VMware Tools update OS Command Injection
JDMurray
Admin Posts: 13,091 Admin
"VMware Server Infrastructure Web Access is prone to remote command
execution vulnerability because the software fails to adequately
sanitize user-supplied input."
"When Updating the VMTools on a certain Guest Virtual Machine, a command
injection attack can be executed if specially crafted parameters are sent.
Successful attacks can compromise the affected Guest Virtual Machine
with root privileges."
VMware Tools update OS Command Injection
I'm gonna assume the same types of vulnerabilities are in the VMware VI API too.
Comments
-
blargoe Member Posts: 4,174 ■■■■■■■■■□
Thankfully (for me), it doesn't affect Windows VMs.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
-
JDMurray Admin Posts: 13,091 Admin
Only if you have the latest patch installed; otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on.
-
azjag Member Posts: 579 ■■■■■■■□□□
"Only if you have the latest patch installed; otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on."
Thanks for the heads up on this one. I'm scheduled to update "out of date" tools on about 100 guest machines this coming weekend. Might have to research alternative methods for running mass updates.
Currently Studying:
VMware Certified Advanced Professional 5 – Data Center Administration (VCAP5-DCA) (Passed)
VMware Certified Advanced Professional 5 – Data Center Design (VCAP5-DCD)