>
>
> TITLE:
> VMware NAT Networking Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA18162
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> VMware Workstation 5.x
>
> VMware Workstation 4.x
>
> VMware ACE 1.x
>
> VMware GSX Server 1.x
>
> VMware GSX Server 2.x
>
> VMware GSX Server 3.x
>
> VMware Player 1.x
>
> VMware Workstation 2.x
>
> VMware Workstation 3.x
>
>
> DESCRIPTION:
> Tim Shelton has reported a vulnerability in VMware, which potentially
> can be exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to an error in "vmnat.exe" (Windows)
> and "vmnet-natd" (Linux) when handling certain FTP requests. This can
> be exploited to cause a heap-based buffer overflow via specially
> crafted "eprt" and "port" FTP requests sent from the guest OS.
>
> Successful exploitation allows arbitrary code execution on the host
> OS, but requires that NAT networking is enabled on the virtual
> machine.
>
> The vulnerability has been reported in the following products:
> * VMware Workstation 5.5 and prior.
> * VMware GSX Server 3.2 and prior.
> * VMware ACE 1.0.1 and prior.
> * VMware Player 1.0 and prior.
>
> SOLUTION:
> Update to the latest versions.
>
>
> Alternatively, disable NAT networking on the virtual machine.
>
>
> PROVIDED AND/OR DISCOVERED BY:
> Tim Shelton
>
> ORIGINAL ADVISORY:
> VMware:
>
>
> Tim Shelton:
>
> er/040442.html
>
> ----------------------------------------------------------------------
