|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Vm ware 0day dos exploit by n00b.
From: Paul Szabo (psz
maths.usyd.edu.au)
Date: Mon Jun 19 2006 - 21:59:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
co296aol.com wrote:
> ... in vmware user's .vmx file ... we change ...
> ide1:0.fileName = AAAAA... it will cause a d0s ...
I am confused: cannot you cause such a problem with any invalid filename?
Where is the attack, if you had to have write access to the user's file?
Can you have code execution (shellcode in that name, for VMware on UNIX
where bits of it run as root)?
Cheers,
Paul Szabo pszmaths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]