Isolation implies the independence virtual machines afford. Virtual machines are completely isolated from hosts and other machines. This provides the security that if one machine crashes the rest of the machines will be unaffected. This isolation also ensures data control. Machines can only communicate through specifically configured network connections. Data cannot infiltrate or affect other machines or applications.Link
Encapsulation is similar to the abstraction and information hiding that characterizes virtualization. It is defined as the combination of elements to create a new entity. For example, OOP (Object-Oriented Programming) languages like C++ and Java use encapsulation to create high-level (abstracted) objects. In virtualization, an entire virtual machine and its contents are encapsulated so it can be saved as a single file. This makes it incredibly easy to copy and move. Encapsulation resonates with virtualization in its tendency towards hiding the details to make dealing with objects easier. This is accomplished by hiding complexity with a simple interface.
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus
Comments
Post a Comment