Are you running VMware View? If so, you will want to look at implementing this newly released security patch from VMware that resolves a potential scenario where a guest user, who has been given access to particular files on a VM, could potentially prompt the VM to traverse directories and retrieve files that this user should not have access to, eg: hashed passwords, etc.
I don’t normally cover security patch updates on TechHead as they are common place across all software products these days, though this particular vulnerability is a particularly nasty one that could have far reaching security implications for your virtualized VMware environment so I thought it worth a mention.
What Versions of View are affected?
The affected versions of VMware View are:
VMware View 5.x prior to version 5.1.2
VMware View 4.x prior to version 4.6.2
More Information & Fix
For more information see this VMware Security Advisory which also includes a link to the downloadable patch.
- As always, ensure you have full working backups before applying any patches else tempt the patching gods, who will teach you a lesson by making it go all horribly wrong!