Virtual machine escape
In computer security, virtual machine escape is the process of breaking out of a virtual machine, virtual machining and interacting with the host operating system.[1] A virtual machine is a "completely isolated guest operating system installation within a normal host operating system".[2] In 2008, a vulnerability (CVE-2008-0923) in VMware discovered by Core Security Technologies made VM escape possible on VMWare Workstation 6.0.2 and 5.5.4.[3][4] A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (commercial penetration testing tool).[5] Cloudburst was presented in Black Hat USA 2009.[6]
Previous known vulnerabilities
- CVE-2007-1744 Directory traversal vulnerability in shared folders feature for VMware
- CVE-2008-0923 Directory traversal vulnerability in shared folders feature for VMware
- CVE-2009-1244 Cloudburst: VM display function in VMware
- CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier
- CVE-2014-0983 Oracle VirtualBox 3D acceleration multiple memory corruption
- CVE-2015-3456 VENOM: buffer-overflow in QEMU's virtual floppy disk controller
References
- ↑ What is VM Escape? - The Lone Sysadmin
- ↑ "Virtual Machines: Virtualization vs. Emulation". Retrieved 2011-03-11.
- ↑ Core Security Technologies
- ↑ Researcher: Critical vulnerability found in VMware's desktop apps | ZDNet
- ↑ Hacking Tool Lets A VM Break Out And Attack Its Host - Dark Reading
- ↑ Black Hat ® Technical Security Conference: USA 2009 // Briefings
External links
This article is issued from Wikipedia - version of the Thursday, April 07, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.