Security Response to BugTraq 15998 (CVE-2005-4459): Vulnerability in NAT Networking (2000)
I am using a VMware product affected by the vulnerability described on the Security Focus Web site at www.securityfocus.com/bid/15998/ and on the CERT Web site at www.kb.cert.org/vuls/id/856689. What do I need to do to correct the problem and protect my host machine?
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4459 to this issue.
VMware has issued updates to VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player to address a potential vulnerability in the NAT networking component of these products.
VMware ESX Server, VMware VirtualCenter, and VMware Virtual Infrastructure Node are not subject to this vulnerability.
The vulnerability in the NAT component affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0, and previous releases of these products.
The vulnerability affects users who configure their virtual machines to use NAT networking. It does not affect virtual machines using other types of networking.
When a virtual machine is using NAT networking, a malicious guest could potentially use a specific NAT networking configuration to execute unwanted code on the host machine.
This information is particularly relevant to malware researchers who use VMware software to audit viruses, spyware, and other malware. However, VMware recommends that all affected users update their products to the new releases available at www.vmware.com/download/ in order to optimize the security profile for their VMware environments.
The following versions correct the problem:
- For VMware Workstation 5.x: VMware Workstation 5.5.1 or higher
- For VMware Workstation 4.x: VMware Workstation 4.5.3 or higher
- For VMware Player: VMware Player 1.0.1 or higher
- For VMware ACE 1.x: VMware ACE 1.0.2 or higher
- For VMware GSX Server 3.x: VMware GSX Server 3.2.1 or
If you choose not to update your product but want to ensure that the NAT service is not available, you can disable it completely on the host. For instructions, see kb.vmware.com/kb/2002.
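Because only virtual machines configured for NAT networking are affected, an inventory of which guests use NAT shows where updating or disabling the NAT service matters first. The following Python script is an added example, not VMware code: it scans .vmx configuration files for adapters set to NAT. It assumes the .vmx keys `ethernetN.present`, `ethernetN.connectionType` and `ethernetN.vnet`, that an adapter with no `connectionType` is bridged, and that the NAT network is named VMnet8; verify these against your own hosts.

```python
import re
from pathlib import Path

# Assumed .vmx syntax: ethernetN.<key> = "<value>", one setting per line.
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.I)
NAT_VNETS = {"vmnet8"}  # assumed default NAT network name; adjust per host


def nat_adapters(vmx_text):
    """Return sorted names of present adapters that use NAT networking."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            name, key, value = (g.strip().lower() for g in m.groups())
            adapters.setdefault(name, {})[key] = value
    found = []
    for name, cfg in adapters.items():
        ctype = cfg.get("connectiontype", "bridged")  # assumed default
        vnet = cfg.get("vnet", "").rsplit("/", 1)[-1]  # /dev/vmnet8 -> vmnet8
        uses_nat = ctype == "nat" or (ctype == "custom" and vnet in NAT_VNETS)
        if cfg.get("present") == "true" and uses_nat:  # skip detached adapters
            found.append(name)
    return sorted(found)


def scan(root):
    """Map each .vmx file under root to its NAT adapters, skipping VMs with none."""
    hits = {}
    for path in Path(root).rglob("*.vmx"):
        names = nat_adapters(path.read_text(errors="replace"))
        if names:
            hits[str(path)] = names
    return hits


# Constructed sample configuration, not taken from a real virtual machine.
SAMPLE_VMX = """
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "FALSE"
ethernet1.connectionType = "nat"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet8"
"""

if __name__ == "__main__":
    print(nat_adapters(SAMPLE_VMX))
```

Call `scan()` with the directory that holds your virtual machines to list every guest that still has a NAT adapter attached.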