Security: VMware Workstation Guest Isolation Vulnerability

SecuriTeam reports an interesting advisory about the latest version of VMware Workstation:

Each VM has its own settings. One settings category is “Guest Isolation”, which includes a checkbox named “Enable copy and paste to and from this virtual machine”. This feature can work only if the “VMware tools” component is installed on the guest OS. The clipboard copy operation can transfer only text, not files or streams. Eitan has discovered the following issues regarding this component:

  1. Changing the value of this feature (either way, enabling or disabling) actually becomes active only if a global operation is made towards the guest OS, like suspend and resume, reset, restart (from within the guest OS), shutdown (either from within the guest OS or by performing a “power off” from the VMware Workstation application) and then turning it back on. Simply changing the check box value and pressing OK will not change the current functionality of this feature.
  2. When this feature is turned on and working, the direction of the clipboard content transfer is the same as the direction of the focus change between guest and host operating systems and vice versa. But when the host OS clipboard is empty and the focus is moved to the guest OS, the guest clipboard is not cleared and is left with its current content. Now, when focusing back to the host’s empty source clipboard, it is filled with the content of the guest’s clipboard; thus the host clipboard fails to keep itself erased, and its previously cleared content is re-filled from the guest OS. This behavior may re-fill the host’s clipboard with data that was intentionally erased (like a password or credit card number). Strangely, this behavior does not happen when the process is started from the guest OS clipboard: if it is the first to be erased, and then the focus moves to the host, the host’s clipboard is erased. So the issue here is only when the process starts from the host side.

Read the whole security advisory at the source.
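The two behaviours quoted above can be traced step by step with a small model. This is an added example, not code from the advisory or from VMware: the class, its method names and the `propagate_empty` switch (a hypothetical corrected behaviour, not a VMware setting) are assumptions made for illustration, and the secret is a constructed value.

```python
class ClipboardSyncModel:
    """Model of the host/guest clipboard sync as the advisory describes it."""

    def __init__(self, enabled=True, propagate_empty=False):
        self.configured = enabled   # checkbox value stored in the VM settings
        self.active = enabled       # value the running guest actually honours
        self.propagate_empty = propagate_empty  # hypothetical corrected behaviour
        self.host, self.guest, self.focus = "", "", "host"

    def set_checkbox(self, enabled):
        self.configured = enabled   # issue 1: pressing OK changes nothing yet

    def power_cycle(self):
        self.active = self.configured  # suspend/resume, reset, restart, power off/on

    def copy(self, text):
        setattr(self, self.focus, text)  # copy (or erase, with "") in the focused OS

    def switch_focus(self):
        src = self.focus
        dst = "guest" if src == "host" else "host"
        self.focus = dst
        if not self.active:
            return
        content = getattr(self, src)
        # Issue 2: an empty host clipboard is not pushed into the guest.
        if src == "host" and content == "" and not self.propagate_empty:
            return
        setattr(self, dst, content)


def host_clears_first(model, secret="constructed-secret"):
    """Secret is copied on the host, then erased on the host."""
    model.copy(secret)
    model.switch_focus()  # host -> guest: guest receives the secret
    model.switch_focus()  # guest -> host
    model.copy("")        # user erases the host clipboard
    model.switch_focus()  # host -> guest: the empty clipboard is skipped
    model.switch_focus()  # guest -> host: the stale guest copy flows back
    return model.host


def guest_clears_first(model, secret="constructed-secret"):
    """Same secret, but erased inside the guest before returning to the host."""
    model.copy(secret)
    model.switch_focus()  # host -> guest
    model.copy("")        # user erases the guest clipboard
    model.switch_focus()  # guest -> host: the empty guest clipboard is copied
    return model.host
```

Running `host_clears_first` on a model whose checkbox was unticked without a power operation still returns the secret, which is the combination of both issues a user relying on the setting would want to know about.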