VMware Cloud Community
5 Replies
Texiwill
Leadership
Leadership
‎06-14-2012 04:42 AM

Hello,

A good reason to only allow disk replication and rebuild the metadata files on the cloud side instead of trusting they are correct on input. Interestingly enough this type of attack is possible for nearly all clouds that accept the metadata in a raw format. vSphere itself should verify the metadata files and either remove the offending lines or not allow the VM to boot.

Now we have one more step to look into when 'accepting' third party virtual appliances, what do the metadata files look like.

I wonder if anyone has talked to VMware directly about this one.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

vSphere Upgrade Saga -- Virtualization Security Round Table Podcast -- The Virtualization Practice

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
oreeh
Immortal
Immortal
‎06-14-2012 04:56 AM

I would have thought that there's at least some sanity checking built into the vSphere kernel to at least protect the ESX file system.

0 Kudos
Texiwill
Leadership
Leadership
‎06-14-2012 05:07 AM

Hello Oreeh,

Apparently not. :}

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

vSphere Upgrade Saga -- Virtualization Security Round Table Podcast -- The Virtualization Practice

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
oreeh
Immortal
Immortal
‎09-05-2012 10:54 PM

looks like write access is also possible

http://www.insinuator.net/2012/09/vmdk-malicious-patching/

0 Kudos
Texiwill
Leadership
Leadership
‎09-10-2012 07:25 AM

Hello,

Yes, it would be full access to the filesystem. What I heard however is that allowing RAW access to import VMs is never or should never be allowed. Instead clouds should require OVF/OVA format, etc. Which does some sanity checking. Granted I have not tested this fully with OVF but that is what I have heard. So the mitigation steps are to only accept VMs in the proper format and to inspect when not in that format.

Best regards,

Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos