aaron posted in Uncategorized on August 11th, 2007
I’m pretty surprised this hasn’t been more highly publicized in the last week, but I guess that everyone is recovering from Defcon/Black Hat/SANSFIRE. Apparently there was a recent VMware escaping demo given at SANSFIRE this year. There were a few new tools demoed (my favorite by name alone would have to be either “VMdrag-n-hack” or possibly “VMdrag-n-sploit”) with some pretty interesting capabilities. While details are a little light on the actual escaping exploit, it seems they did show a live demo of an exploit that was able to crash a guest OS and run code on the host OS. This has obvious, amazingly crazy implications, since many people use VMware not only for malware analysis but also for general segregation of services/vhosts/applications/OSs/etc., with the assumption that each guest is securely isolated from the others. The bottom line is that this is not a safe assumption, and precautions should be taken against any shared medium, despite its logical separation.