VMware Tools update OS Command Injection

JDMurrayJDMurray Admin Posts: 13,091 Admin
in Virtualization
"VMware Server Infrastructure Web Access is prone to remote command
execution vulnerability because the software fails to adequately
sanitize user-supplied input."

"When Updating the VMTools on a certain Guest Virtual Machine, a command
injection attack can be executed if specially crafted parameters are sent.
Successful attacks can compromise the affected Guest Virtual Machine
with root privileges."

VMware Tools update OS Command Injection


I'm gonna assume the same types of vulnerabilities are in the VMware VI API too. icon_sad.gif
Forum Admin at www.techexams.net
--
Credly
LinkedIn
Twitter
· Share on FacebookShare on Twitter

Comments

  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Thankfully (for me), it doesn't affect Windows VM's
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
    · Share on FacebookShare on Twitter
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    Only if you have the latest patch installed, otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on.
    Forum Admin at www.techexams.net
    --
    Credly
    LinkedIn
    Twitter
    · Share on FacebookShare on Twitter
  • azjagazjag Member Posts: 579 ■■■■■■■□□□
    JDMurray wrote: »
    Only if you have the latest patch installed, otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on.

    Thanks for the heads up on this one. I'm scheduled to update "out of date" tools on about 100 guest machines this coming weekend. Might have to research alternative methods for running mass updates.
    Currently Studying:
    VMware Certified Advanced Professional 5 – Data Center Administration (VCAP5-DCA) (Passed)
    VMware Certified Advanced Professional 5 – Data Center Design (VCAP5-DCD)
    · Share on FacebookShare on Twitter
Sign In or Register to comment.