Some vulnerabilities have been found in all virtualization software, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges. For ex.
The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system.(Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege )
A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files.
A vulnerability in Xen is caused due to an input validation error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.
No comments:
Post a Comment