Bugtraq mailing list archives
Re: Vm ware 0day dos exploit by n00b.
From: Paul Szabo <psz () maths usyd edu au>
Date: Tue, 20 Jun 2006 12:59:57 +1000
co296 () aol com wrote:
... in vmware user's .vmx file ... we change ... ide1:0.fileName = AAAAA... it will cause a d0s ...
I am confused: cannot you cause such a problem with any invalid filename? Where is the attack, if you had to have write access to the user's file? Can you have code execution (shellcode in that name, for VMware on UNIX where bits of it run as root)? Cheers, Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Current thread:
- Vm ware 0day dos exploit by n00b. co296 (Jun 19)
- Re: Vm ware 0day dos exploit by n00b. Paul Szabo (Jun 20)
- Re: Vm ware 0day dos exploit by n00b. Eliah Kagan (Jun 20)