VMware has fixed an error in its ESX 4.1 virtual server hypervisor that would allow local users to acquire local-level privileges on the hosted virtual server. As a result, users could access and change important settings.
The hypervisor error occurs because of an issue with the stack pointer that would create an overflow situation. Under these circumstances, the hypervisor would become vulnerable to corruption that could affect the entire virtual server.
Tim Orchard, technical director at testing company Activity Information Management, told TechTarget the ESX 4.1 hypervisor flaw has not remotely exploited. However, vulnerabilities in the ESX remote management interface have been exploited.
"By putting a number of servers on one device you do provide an attractive target to attack. There has been significant research into how to attack the hypervisor, but it has been difficult to exploit in the real world," Orchard told the news source.
Overall, Orchard said, security threats to virtual server hosting environments have only been theoretical, as researchers have struggled to find ways to exploit flaws in virtual servers.
According to Windows IT Pro, VMware's hypervisor products can be valuable in virtual server hosting environments because they provide high availability features that improve server reliability and prevent downtime.