A BUG in VMware's Fusion could be used to run malicious code on another operating system by exploiting Windows running inside a virtual machine.
According to insecurity outfit Immunity, a critical vulnerability in VMware's virtual machine display function can be used to read and write memory on the "host" operating system.
Immunity has demonstrated an attack on a machine running Windows Vista Service Pack 1 as the host operating system, and Windows XP as the "guest". However, the host could just as easily be a Mac or a Linux machine.
VMware claims to have fixed the flaw, which allows a hacker to read and write arbitrary memory in the host. Thus the guest can run some code on the host, effectively bypassing ASLR and DEP on Vista SP1.
L'Inq
Computerworld
a vm is just basically a hypervisor level, so it should not surprise anyone that yet ANOTHER virus/trojan/whatever can punch through one...
i.e. this is anything but the first in show.
Can anybody elaborate on the chances of "exploiting" a linux host via a virtual windows machine? Where do you find yourself, being the bit of malicious code that you are, facilitating this technique, having shed your virtual coil? And as what? And how do you gain knowledge of what you ended in? The host could be almost anything, how do you make sense of the bits and bytes you come to see?
I suppose being able to hack into the host operating system in Linux through a Windows virtual machine depends upon which user's permissions you run VMware under within Linux.
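The point above is the least-privilege one: whatever a guest manages to do on the host, it does with the privileges of the VMware process it escaped through. The script below is an added example (it is not part of the article or of any comment, and not VMware's own tooling) that reads a `ps`-style process listing and flags VMware host-side processes owned by root, so an administrator can see at a glance which processes would hand a breakout root rather than an unprivileged account. The process names matched (`vmware*`, `vmx*`, `vmnet*`) and the sample listing are assumptions constructed for the example; on a live Linux host you would feed it `ps -eo user,pid,comm`.

```shell
#!/bin/sh
# Added example: report VMware host processes running as root.
# A guest-to-host escape inherits exactly the privileges of the process it
# lands in, so root-owned VMware processes are the ones worth reducing.

# Reads "USER PID COMMAND" lines on stdin (as produced by `ps -eo user,pid,comm`).
# Prints one line per root-owned VMware process.
# Returns 1 if any such process was found, 0 otherwise.
flag_root_vmware() {
    found=0
    while read -r user pid comm; do
        # Process-name patterns are an assumption for this example.
        case "$comm" in
            vmware*|vmx*|vmnet*)
                if [ "$user" = "root" ]; then
                    echo "root-owned VMware process: pid=$pid comm=$comm"
                    found=1
                fi
                ;;
        esac
    done
    return $found
}

# Constructed sample listing (not captured from a real machine).
SAMPLE_PS='USER PID COMMAND
root 1 init
alice 2045 vmware
alice 2051 vmware-vmx
root 2060 vmnet-natd
bob 2100 bash'

# Number of root-owned VMware processes in the sample; used as a quick summary.
count_root_vmware_in_sample() {
    printf '%s\n' "$SAMPLE_PS" | flag_root_vmware | wc -l | tr -d ' '
}

# Stand-alone usage: print the findings and a summary line.
main() {
    if printf '%s\n' "$SAMPLE_PS" | flag_root_vmware; then
        echo "no VMware processes run as root"
    else
        echo "$(count_root_vmware_in_sample) VMware process(es) run as root; consider running them under an unprivileged account"
    fi
}

# Run main only when executed directly, so the functions can also be sourced.
case "$0" in
    *sh) ;;
    *) main ;;
esac
```

In the constructed sample only `vmnet-natd` is owned by root, so the script reports one root-owned process. The check is deliberately simple: it tells you where the privilege boundary around a guest actually sits on the host, which is the question the comment above raises.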
It will be years before someone implements a really impressive attack through a virtual machine, but the one thing that jumps out at me immediately is that VMware guests share hardware with the host. How hard would it be to hijack a "virtual ethernet adapter" in Windows or see everything that's going on in a virtual hard drive? Really, anything that goes into or out of a guest OS should be visible to Windows.
Not disagreeing with the article, but Windows is not all trash; in fact Linux and Windows are now at approximate parity. The article I remember and could find is approximately this ...
http://www.channelregister.co.uk/2008/03/28/mac_hack/
Vista was hacked using non-MS products, i.e. Flash or the Sun JVM, and in an article I couldn't find, the same JVM was used to hack Linux as well. But they were hacked after 24 hours had lapsed.
study up on posix, use cygwin, x-compile a couple of tarballs, x-ref sigints vs. pid on the windows side. not sure how x11 is handling windows handles in mwm mode; glad i reminded myself.
best of luck!
ciao.
-tc
oh yeah, softlinks, named pipes and rwx vs. dacls. not sure how vmware is going to present a logon session though, probably 'runas' context from the owner of the process
deeper and deeper...
-tc
yeah, iscsi bothers me on gp, and nvidia's nforce wmi shim etc. is obviously an issue. However, PPTP is nothing new; injecting into tcp payloads etc.
-tc