Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

VMware Patches DoS Vulnerability in Workstation, Fusion

VMware informed customers on Thursday that it has patched a denial-of-service (DoS) vulnerability in its Workstation and Fusion products. Details of the flaw and proof-of-concept code have been made public.

VMware informed customers on Thursday that it has patched a denial-of-service (DoS) vulnerability in its Workstation and Fusion products. Details of the flaw and proof-of-concept code have been made public.

In its advisory, VMware said the vulnerability affects Workstation 12.x and 14.x on all platforms, and Fusion 8.x and 10.x on OS X. Patches are included in Workstation 14.1.1 and Fusion 10.1.1. A workaround that involves setting a password for the VNC connection can be applied to Workstation 12.x and Fusion 8.x releases.

The flaw, tracked as CVE-2018-6957, was discovered by Lilith Wyatt of Cisco Talos. VMware says it can be exploited to cause a DoS condition by opening a large number of VNC sessions. VNC, which is used in VMware products for remote management and automation purposes, must be manually enabled for the exploit to work.

While VMware has classified the vulnerability as “important,” Cisco Talos has assigned it a CVSS score of 7.5, which puts it in the “high severity” category.

In its own advisory, Cisco said an attacker can trigger an exception on a targeted server and cause the virtual machine to shut down by initiating numerous VNC sessions.

“Since the VMware VNC server is naturally multi-threaded, there are locks and semaphores and mutexes to deal with shared variables. The VNC server also maintains a global variable that indicates the amount of locks that are currently used, that is incremented by certain events,” Talos explained.

The code uses a variable to count the locks and ensure that their number is not too high. Wyatt discovered that each TCP connection to the VNC increments this variable twice, and initiating a large number of connections will eventually lead to a DoS condition and a shutdown of the VM. Cisco’s advisory includes a one-line PoC exploit.

VMware sponsored the recent Pwn2Own 2018 hacking competition and offered up to $70,000 for VMware Workstation exploits. However, none of the contestants targeted the company’s products. At last year’s event, white hat hackers did disclose exploits that included VMware virtual machine escapes.

Advertisement. Scroll to continue reading.

Related: VMware Addresses Meltdown, Spectre Flaws in Virtual Appliances

Related: Serious Flaws Affect Dell EMC, VMware Data Protection Products

Related: VMware Patches Vulnerabilities in vCenter Server

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.