VMware patches bug allows guest to execute code on host



Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, encouraged to update to address a series of vulnerabilities, one critical.

The most serious issue, an out-of-bounds write vulnerability, exists in ESXi, and desktop hypervisors Workstation, and Fusion. An attacker could exploit the issue, which exists in a SVGA device, to execute code on the host, according to a VMware security advisory posted early Friday.

The issue, CVE-2017-4924, discovered by researchers Nico Golde and Ralf-Philipp Weinmann of Comsecuris UG, affects version 6.5 of ESXi but not versions 6.0 and 5.5. It also affects version 12.x of Workstation and version 8.x of Fusion. As the bug allows code execution it’s marked as critical.

NULL pointer reference vulnerability

A NULL pointer reference vulnerability can also exploit when the software handles guest RPC requests, something that could allow an attacker with normal user privileges to crash virtual machines.

The moderate severity bug affects version 6.5, 6.0, and 5.5 of ESXi, version 12.x of Workstation, and 8.x of Fusion. Users urged to apply patches released on Friday as no workaround exist for the vulnerability.

The last vulnerability VMware warned about on Friday only affects vCenter Server, a platform designed to help users manage vSphere environments. An attacker with VC user privileges could inject malicious JavaScript and exploit a stored cross-site scripting bug in the platform’s HTML5 Client. The bug execute when other VC users access the page, VMware warns.

The bug only affects the Windows version 6.5 of vCenter Server. Users encouraged to update to version 6.5 U1 to mitigate it.