VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Link | Tags |
---|---|
http://www.securityfocus.com/archive/1/460664/100/0/threaded | mailing list |
http://securityreason.com/securityalert/2281 | third party advisory |
http://osvdb.org/45244 | vdb entry |
http://www.securityfocus.com/archive/1/461807/100/0/threaded | mailing list |