VMware View Directory Traversal Exploit Fix

Share Button

VMware View Security PatchAre you running VMware View?  If so, you will want to look at implementing this newly released security patch from VMware that resolves a potential scenario where a guest user, who has been given access to particular files on a VM, could potentially  prompt the VM to traverse directories and retrieve files that this user should not have access to, eg: hashed passwords, etc.

I don’t normally cover security patch updates on TechHead as they are common place across all software products these days, though this particular vulnerability is a particularly nasty one that could have far reaching security implications for your virtualized VMware environment so I thought it worth a mention.

What Versions of View are affected?

The affected versions of VMware View are:

    VMware View 5.x prior to version 5.1.2
          
    VMware View 4.x prior to version 4.6.2
          
    As always, ensure you have full working backups before applying any patches else tempt the patching gods, who will teach you a lesson by making it go all horribly wrong! Winking smile
Share Button
About Simon Seagrave

Simon is a UK based Virtualization & IT Technology Evangelist working as a Senior Technology Consultant and vSpecialist for EMC. He loves working in the ever changing IT industry & spends most of his time working with Virtualisation, Cloud & other Enterprise IT based technologies, in particular VMware, EMC and HP products.