Metasploit mailing list archives

Metasploit Exploitation of VM Hosts


From: natronicus at gmail.com (natronicus)
Date: Tue, 24 Jul 2007 12:14:11 -0500

Gadi Evron posted a link on fuzzing virtual machines
(http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/ ) to
the fuzzing mailing list (fuzzing at whitestar.linuxbox.org) a few months
ago, as well as some high-level thoughts on exploiting buggy hardware
emulation.  The paper discussed is titled "An Empirical Study into the
Security Exposure to Hosts of Hostile Virtualized Environments", and
is located here: http://taviso.decsystem.org/virtsec.pdf.

Is this an arena metasploit might one day move into?

Currently, the metasploit framework does not know how to talk directly
to hardware, but do libraries exist in ruby or elsewhere that could be
used to inject code into a VM host?  Metasploit could of course be
used to deliver and execute a package created in C or
you-name-the-language, but does anything exist in Ruby that would
allow you to port in to metasploit for building exploits similar to
the current ones?

It's possible that the VM landscape is too unstandardized and complex
for something like metasploit to directly tackle, though.  I'm
envisioning libraries having to be built to talk to every piece of
emulated hardware, and possibly specific to each VM tech.  (Although,
given that the VM host is designed to emulate some sort of standard
hardware, you would expect the code for talking to that hardware to be
fairly close across VMWare Server, QEMU, etc.)

Thoughts?

n
