OSVDB ID: 59440

Title: VMware Multiple Products sdk Path HTTP Request Directory Traversal Arbitrary File Access

Dates

Disclosure: Oct 27, 2009
Discovery: Unknown
Exploit: Unknown
Solution: Oct 27, 2009

Description

VMware ESX and several VMware hosted products contain a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the HTTP server not properly sanitizing user input: directory traversal sequences (e.g., ../../) appended to the /sdk path are not rejected before the path is resolved on the host filesystem. This allows a remote attacker to read arbitrary files that the web server process can access on the host, including the files that make up guest virtual machines.
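The following is an added example, not code from the original OSVDB entry or from VMware. It models the class of flaw described above under a constructed document root of /var/www/sdk: a resolver that tests for "../" before percent-decoding (an assumed, illustrative root cause, not VMware's actual code) is bypassed by "%2E%2E/", while a hardened resolver decodes once, normalises and enforces containment. It also runs a traversal check over constructed web-server log lines, since the same advisory is as useful to a defender hunting for exploitation as to someone validating a patch.

```python
"""Directory traversal under an HTTP path prefix such as /sdk.

Added example, not VMware's code. Shows (1) an illustrative resolver that
checks for "../" before percent-decoding and is therefore bypassed by
"%2E%2E/", (2) a hardened resolver that decodes once, normalises and
enforces containment, and (3) a check over constructed log lines.
"""
import posixpath
import re
from urllib.parse import unquote

# Assumed layout for the example only; not the real product's directory tree.
DOCROOT = "/var/www/sdk"
PREFIX = "/sdk"


def resolve_vulnerable(request_path: str) -> str:
    """Decode-after-check resolver (an assumed, illustrative bug).

    The literal test for "../" runs on the still-encoded path, so
    "/sdk/%2E%2E/%2E%2E/etc/passwd" passes, is decoded afterwards, and the
    resulting "../" segments walk out of DOCROOT when the file is opened.
    """
    if "../" in request_path:
        raise PermissionError("traversal rejected")
    rest = unquote(request_path[len(PREFIX):])
    # normpath models what the kernel does with ".." when the path is opened.
    return posixpath.normpath(DOCROOT + rest)


def resolve_hardened(request_path: str) -> str:
    """Decode exactly once, normalise, then require the result to stay inside DOCROOT."""
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    if not decoded.startswith(PREFIX + "/"):
        raise PermissionError("outside service prefix")
    rest = decoded[len(PREFIX):].lstrip("/")
    candidate = posixpath.normpath(posixpath.join(DOCROOT, rest))
    # Containment check on the normalised path, not a blacklist of "..".
    # Decoding only once means "%252e%252e" stays a literal file name inside
    # DOCROOT; a server that decoded twice would reopen the hole.
    # On a real server also resolve symlinks (os.path.realpath) before this test.
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + "/"):
        raise PermissionError("traversal rejected")
    return candidate


def rejected(resolver, request_path: str) -> bool:
    """True if the resolver refuses the request."""
    try:
        resolver(request_path)
    except PermissionError:
        return True
    return False


# Constructed log lines in common log format; addresses and timestamps are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Oct/2009:10:15:02 +0000] "GET /sdk/vimService.wsdl HTTP/1.1" 200 4102',
    '198.51.100.7 - - [27/Oct/2009:10:15:09 +0000] "GET /sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd HTTP/1.1" 200 1831',
    '198.51.100.7 - - [27/Oct/2009:10:15:31 +0000] "GET /sdk/..%2f..%2f..%2f..%2f..%2fvmfs/volumes/ds1/vm1/vm1.vmx HTTP/1.1" 200 2210',
    '198.51.100.7 - - [27/Oct/2009:10:15:40 +0000] "GET /sdk/release..notes.txt HTTP/1.1" 404 210',
    '198.51.100.7 - - [27/Oct/2009:10:15:55 +0000] "GET /sdk/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 404 210',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')


def is_traversal_attempt(log_line: str, prefix: str = PREFIX) -> bool:
    """Flag a request under `prefix` whose decoded path contains a ".." segment.

    Decoding twice surfaces both single- (%2e) and double-encoded (%252e)
    dots; backslashes are treated as separators too. A ".." inside a longer
    file name such as "release..notes.txt" is not a traversal and is not flagged.
    """
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    path = m.group("path").split("?", 1)[0]
    if not path.startswith(prefix + "/"):
        return False
    segments = unquote(unquote(path)).replace("\\", "/").split("/")
    return ".." in segments


def flag_traversals(lines):
    """Return the raw request paths from `lines` that look like traversal attempts."""
    return [REQUEST_RE.search(line).group("path") for line in lines if is_traversal_attempt(line)]
```

Against the constructed log, the single-encoded, mixed-encoded and double-encoded requests are flagged and the two benign ones are not; the vulnerable resolver maps the first flagged request to /etc/passwd while the hardened one rejects it.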

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

No workaround or upgrade is known to correct this issue. VMware has released a patch that addresses this vulnerability; apply the vendor patch for the affected product and version.

Products

VMware, Inc.

ESX

3.0.3
3.5

VMware Fusion

2.0.5

VMware Server

2.0.1
1.0.9

VMware ACE

2.5.2

VMware Player

2.5.2

VMware Workstation

6.5.2

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/59440