[GRLUG] [Fwd: VMware vulnerability in NAT networking]]]
Raymond McLaughlin
driveray at ameritech.net
Thu Dec 22 12:10:54 EST 2005
---------------------------- Original Message ----------------------------
Subject: VMware vulnerability in NAT networking
From: vmware-security-alert at vmware.com
Date: Wed, December 21, 2005 2:47 am
To: bugtraq at securityfocus.com
--------------------------------------------------------------------------
VULNERABILITY SUMMARY
A vulnerability has been discovered in vmnat.exe on Windows hosts and
vmnet-natd on Linux systems.
The vulnerability makes it possible for a malicious guest using a NAT
networking configuration to execute unwanted code on the host machine.
AFFECTED SYSTEMS:
VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player.
RESOLUTION:
VMware believes that the vulnerability is very serious, and recommends
that affected users update their products to the new releases or change
the configuration of the virtual machine so it does not use NAT
networking.
The new releases are now available for download at www.vmware.com/download
If you choose not to update your product but want to ensure that the NAT
service is not available, you can disable it completely on VMware
Workstation or VMware GSX Server by following the instructions in the
Knowledge Base article (Answer ID 2002) at
http://www.vmware.com/support/kb.
VMware thanks Tim Shelton of ACS Security Assessment Engineering,
Affiliated Computer Services, Inc., for reporting this vulnerability.
--
*** Sent from linux-users at lugwash.org *** http://www.lugwash.org
More information about the grlug
mailing list