Abstract
VMware provides cloud and virtualization software and services. This paper focuses on directory traversal vulnerability on VMware. The principle, triggering conditions and the exploit process of this vulnerability is discussed. Furthermore, we design and establish the experimental environment to demonstrate the attack method. Experimental configurations and results discussion are given in detail. Finally, we offer generalized recommendations that can be applied to achieve secure virtualized implementations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Brooks, T.T., Caicedo, C., Park, J.S.: Security vulnerability analysis in virtualized computing environments. Int. J. Intell. Comput. Res. 3(1/2), 277–291 (2012)
Borisaniya, B., Patel, D.: Evasion resistant intrusion detection framework at hypervisor layer in cloud. In: International Conference on Advances in Communication, Network, and Computing, pp. 748–756 (2014)
China National Information Security Vulnerability Database (CNNVD). http://www.cnnvd.org.cn/
CVE. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733
Morehouse, Flick: Stealing guests the VMWARE Way (2010)
Morehouse, Flick: VMstealer.pl. http://security.goldsby.com/2010/02/19/vmware-guest-stealer/
ESX3.5. https://www.vmware.com/support/vi3/doc/vi3_esx3i_i_35u3_rel_notes.html
Nessus plugins. https://www.tenable.com/plugins/index.php?view=all
Kennedy, D., O’Gorman, J., Kearns, D., et al.: Metasploit: The Penetration Tester’s Guide
Directory traversal attack. https://en.wikipedia.org/wiki/Directory_traversal_attack
Nmap script. https://blog.skullsecurity.org/2010/how-to-install-an-nmap-script
Khan, S., Saxena, A.: Detecting input validation attacks in web application. Int. J. Comput. Appl. 109(6), 1–4 (2015)
Zeadally, P.M.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45(2), 94–111 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bai, Y., Chen, Z. (2015). Analysis and Exploit of Directory Traversal Vulnerability on VMware. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_21
Download citation
DOI: https://doi.org/10.1007/978-3-662-48683-2_21
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48682-5
Online ISBN: 978-3-662-48683-2
eBook Packages: Computer ScienceComputer Science (R0)