VMware View Directory Traversal Exploit Fix

Are you running VMware View?  If so, you will want to look at implementing this newly released security patch from VMware that resolves a potential scenario where a guest user, who has been given access to particular files on a VM, could potentially  prompt the VM to traverse directories and retrieve files that this user should not have access to, eg: hashed passwords, etc.

I don’t normally cover security patch updates on TechHead as they are common place across all software products these days, though this particular vulnerability is a particularly nasty one that could have far reaching security implications for your virtualized VMware environment so I thought it worth a mention.

What Versions of View are affected?

The affected versions of VMware View are:

    VMware View 5.x prior to version 5.1.2
    VMware View 4.x prior to version 4.6.2
      As always, ensure you have full working backups before applying any patches else tempt the patching gods, who will teach you a lesson by making it go all horribly wrong!

    Leave a Comment

    Leave a Reply Cancel reply