There’s a serious vulnerability that’s been found in Vmware that can make malware “leap” out of Vmware into your host system.
Since Vmware is used heavily in malware research, this is an obvious danger.
From Vmware’s KB:
A vulnerability has been discovered in vmnat.exe on Windows hosts and vmnet-natd on Linux systems. The vulnerability in this component affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0, and previous releases of these products. The vulnerability makes it possible for a malicious guest using a NAT networking configuration to execute unwanted code on the host machine.
VMware believes that the vulnerability is very serious and recommends that affected users update their products to the new releases available at www.vmware.com/download or change the configuration of the virtual machine so it does not use NAT networking.
Link here. More at SecurityFocus.
I just spoke with Vmware Support (Rahul was very helpful), and patches are only available for versions VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0. Apparently, all versions prior to these will need to address the problem by turning off NAT networking.
If you have any confusions or doubts, I would recommend contacting Vmware support.
Also, a tip: If you own an older version like 4.5, it’s likely considerably cheaper just to buy a Silver support contract than to pay the upgrade price. You get free upgrades with a Vmware support contract vs. just buying an upgrade. Check with Vmware to see if it makes sense.
Alex Eckelberry
(Hat tip to Full Disclosure, Eric and Adam)
The software industry is one of the world’s fastest growing industries
with a net worth of hundreds of billions of dollars.
A lot of people have already made their personal fortunes from this
rapidly growing industry.
All this means that it’s now the perfect time for you to start your
own software business.
You’ve just discovered the secret source for a complete range of
ready-made software tools, all of which can be private labeled with
your own details and then sold to generate a lucrative income.
Best Of Success
Stan Morse
http://trafficzone.us/so/free_software.html