VMware recently patched a zero day vulnerability in its View desktop virtualization software that was discovered in September by Digital Defense, a San Antonio-based vendor of SaaS security services.
The flaw, which VMware described in a bulletin to View customers as a "critical directory traversal vulnerability," is serious enough to enable an unauthenticated remote attacker to access files -- and potentially, sensitive data -- from the underlying root file system of View Connection Server and View Security Server.
DDI Labs, the vulnerability research arm of Digital Defense, said in a blog post that the vulnerability affects the tunnel-server component of View Connection Server, rendering it unable to determine whether a requested URL is authorized to access the file it refers to.
[Related: VMware Releases Expedited Patches For ESX Source Code Leak]
"A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory," DDI Labs said in the blog post.
VMware fixed the flaw last week in its View 4.6.2 and View 5.1.2 security updates. DDI Labs, which discovered the issue Sept. 26, praised VMware for its quick response.
The National Vulnerability Database assigned the VMware View vulnerability a CVSS v2 base score of 5.0 on its 10-point scale, noting that it is exploitable over a network, has a low access complexity and does not require authentication to exploit.
Danish security research firm Secunia had a similar view of the situation, rating the flaw "moderately critical," or a 3 on its 5-point severity scale, due to its potential for sensitive data leakage.
VMware in May issued a series of security patches for products it warned could be at heightened risk due to a ESX server hypervisor source code leak that came to light in April, including Workstation, Player, ESXi and ESX.
