Skip to main content
SpringerLink
Log in

Analysis and Exploit of Directory Traversal Vulnerability on VMware

  • Conference paper
  • First Online:
Applications and Techniques in Information Security (ATIS 2015)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 557))

  • 1051 Accesses

Abstract

VMware provides cloud and virtualization software and services. This paper focuses on directory traversal vulnerability on VMware. The principle, triggering conditions and the exploit process of this vulnerability is discussed. Furthermore, we design and establish the experimental environment to demonstrate the attack method. Experimental configurations and results discussion are given in detail. Finally, we offer generalized recommendations that can be applied to achieve secure virtualized implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Brooks, T.T., Caicedo, C., Park, J.S.: Security vulnerability analysis in virtualized computing environments. Int. J. Intell. Comput. Res. 3(1/2), 277–291 (2012)

    Google Scholar 

  2. Borisaniya, B., Patel, D.: Evasion resistant intrusion detection framework at hypervisor layer in cloud. In: International Conference on Advances in Communication, Network, and Computing, pp. 748–756 (2014)

    Google Scholar 

  3. China National Information Security Vulnerability Database (CNNVD). http://www.cnnvd.org.cn/

  4. CVE. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733

  5. Morehouse, Flick: Stealing guests the VMWARE Way (2010)

    Google Scholar 

  6. Morehouse, Flick: VMstealer.pl. http://security.goldsby.com/2010/02/19/vmware-guest-stealer/

  7. ESX3.5. https://www.vmware.com/support/vi3/doc/vi3_esx3i_i_35u3_rel_notes.html

  8. Nessus plugins. https://www.tenable.com/plugins/index.php?view=all

  9. Kennedy, D., O’Gorman, J., Kearns, D., et al.: Metasploit: The Penetration Tester’s Guide

    Google Scholar 

  10. Directory traversal attack. https://en.wikipedia.org/wiki/Directory_traversal_attack

  11. Nmap script. https://blog.skullsecurity.org/2010/how-to-install-an-nmap-script

  12. Khan, S., Saxena, A.: Detecting input validation attacks in web application. Int. J. Comput. Appl. 109(6), 1–4 (2015)

    Google Scholar 

  13. Zeadally, P.M.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45(2), 94–111 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing, 100044, China

    Yuanyuan Bai & Zhi Chen

Authors
  1. Yuanyuan Bai
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuanyuan Bai .

Editor information

Editors and Affiliations

  1. Chinese Academy of Sciences, Beijing, China

    Wenjia Niu

  2. Deakin University, Burwood, Victoria, Australia

    Gang Li

  3. Beijing Jiaotong University, Beijing, China

    Jiqiang Liu

  4. Chinese Academy of Sciences, Beijing, China

    Jianlong Tan

  5. Chinese Academy of Sciences, Beijing, China

    Li Guo

  6. Beijing Jiaotong University, Beijing, China

    Zhen Han

  7. Fac. Science&Technology, Deakin University, Burwood, Victoria, Australia

    Lynn Batten

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bai, Y., Chen, Z. (2015). Analysis and Exploit of Directory Traversal Vulnerability on VMware. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-48683-2_21

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48682-5

  • Online ISBN: 978-3-662-48683-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation