Opinions on VMware exploit

allanclark · ‎02-16-2010

I've been emailed by a supplier of ours and would like to hear peoples opinions on this...

A VMWare Server exploit was released at ShmooCon that lets you grab files from the ESX Server if the management interface is exposed. This includes the complete images and associated configuration files of the guest virtual machines.

Exploit code is available that lists and downloads a VM of your choice:

http://fyrmassociates.com/tools/gueststealer-v1.pl

Seemingly only works for VMs that are powered off.

msemon1 · ‎02-16-2010

I think you answered your own question. If the management interface is exposed. The Service Console and Management network should be on separate VLAN and virtual switch from VM's.

Mike

Texiwill · ‎02-17-2010

Hello,

This exploit exists and is why your management networks should be protected at all costs. Not just your ESX hosts, but your VMware vCenter server as well. The latest guidance from VMware suggests that you disable the features that allow gueststealer to work.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

Opinions on VMware exploit