Mitigating the TALOS-2017-0376 vulnerability for VNC enabled virtual machines on VMware Workstation 12.x and Fusion 8.x
Article ID: 324880
Products
VMware Desktop Hypervisor
Issue/Introduction
This article provides information on how to enable VNC authentication to mitigate a Denial-of-Service vulnerability when using VNC on VMware Workstation Pro 12.x and VMware Fusion 8.x.
Environment
VMware Workstation Player 12.x
VMware Fusion 8.x
Cause
VMware Workstation and Fusion contain a Denial-of-Service vulnerability which can be triggered by opening a large number of VNC sessions. This security issue, TALOS-2017-0376, is only exploitable when VNC is enabled. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6957 to this issue.
Resolution
To resolve this issue for a VNC enabled virtual machine, configure a VNC authentication password.
Workaround: To work around this issue:
For VMware Workstation 12.x:
1. From the VMware Workstation Menu bar, select virtual machine > Settings.
2. Click the Options tab.
3. Select VNC Connections from the list.
4. Configure a password for the VNC connection.
For VMware Fusion 8.x:
1. From the VMware Fusion Menu bar, select virtual machine > Settings.
2. Click Advanced.
3. Select Remote Display over VNC.
4. Configure a password for the VNC connection.
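To find virtual machines that still need this workaround, the following added example (not VMware's code and not part of the original article) scans .vmx files for VNC enabled without a password. It assumes the settings are stored under the .vmx keys RemoteDisplay.vnc.enabled, RemoteDisplay.vnc.port, and RemoteDisplay.vnc.password or RemoteDisplay.vnc.key, and that the default port is 5900; the function names and sample data are hypothetical.

```python
import re
from pathlib import Path

# .vmx lines look like: key = "value"; keys are treated case-insensitively here.
_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Assumption: either key indicates a configured VNC password.
_PASSWORD_KEYS = ("remotedisplay.vnc.password", "remotedisplay.vnc.key")


def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def vnc_status(text):
    """Classify one .vmx: 'disabled', 'authenticated' or 'unauthenticated'."""
    s = parse_vmx(text)
    if s.get("remotedisplay.vnc.enabled", "FALSE").strip().upper() != "TRUE":
        return "disabled"
    if any(s.get(k, "").strip() for k in _PASSWORD_KEYS):
        return "authenticated"
    return "unauthenticated"


def audit_tree(root):
    """Yield (path, port) for every .vmx under root with VNC on and no password."""
    for path in sorted(Path(root).rglob("*.vmx")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if vnc_status(text) == "unauthenticated":
            # Assumption: 5900 is the port used when none is configured.
            port = parse_vmx(text).get("remotedisplay.vnc.port", "5900")
            yield str(path), port


# Constructed sample .vmx fragments (not taken from a real VM).
SAMPLE_OPEN = 'displayName = "lab-vm"\nRemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "5901"\n'
SAMPLE_SET = SAMPLE_OPEN + 'RemoteDisplay.vnc.key = "CONSTRUCTED-PLACEHOLDER"\n'

if __name__ == "__main__":
    import sys
    for vmx, port in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{vmx}: VNC enabled on port {port} without a password")
```

Run it with the directory that holds your virtual machines as the only argument; each reported VM should have a VNC password configured using the steps above.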
Additional Information
Discovered by Lilith Wyatt of Cisco Talos: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0376