VMware Patches Flaws Disclosed at Pwn2Own


VMware has released updates and patches for its ESXi, Fusion and Workstation products to address critical and moderate severity vulnerabilities that were disclosed at the Pwn2Own 2017 competition.

Pwn2Own participants earned more than $200,000 this year for exploits involving VMware virtual machine escapes. Researchers at Qihoo 360 earned $105,000 for a Microsoft Edge exploit that achieved a VM escape, and Tencent Security’s Team Sniper received $100,000 for a Workstation exploit that leveraged two vulnerabilities.

According to VMware, the Qihoo 360 team leveraged a heap buffer overflow (CVE-2017-4902) and an uninitialized stack memory usage issue in SVGA (CVE-2017-4903), which allow an attacker in the guest operating system to execute code on the host.

One of the security holes exploited by Team Sniper is an uninitialized memory usage issue (CVE-2017-4904) in the XHCI controller that can be exploited to execute code on the host from the guest OS.

The second flaw disclosed by Team Sniper at Pwn2Own is rated “moderate severity”; it is an information leak weakness that is also caused by uninitialized memory usage.

These flaws affect ESXi 6.0 and 6.5, Fusion 8.x on OS X, and Workstation 12.x on all operating systems. CVE-2017-4905 and CVE-2017-4904 also affect ESXi 5.5, but the former can only be exploited for denial-of-service (DoS) attacks and not for code execution.

Mozilla also patched a Firefox vulnerability disclosed at this year’s Pwn2Own, and it managed to do so just a day after the bug was presented at the hacking competition.

This was not the first time VMware patched flaws disclosed at such an event. Last year, it resolved a Workstation and Fusion vulnerability demonstrated at PwnFest, a hacking competition that took place in South Korea at the Power Of Community (POC) conference.

VMware has also released patches for the recently disclosed Apache Struts2 vulnerability, which the company has classified as “catastrophic.”

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
