[Parallels] Guest to Host VM Escape via Directory Traversal

We discussed this vulnerability during Episode 199 on 27 March 2023

A directory traversal vulnerability in Parallels Desktop for MacOS has been identified, leading to a guest-to-host VM escape. Parallels ToolGate, a virtual PCI device, facilitates communication between the guest and host operating systems. One typical function of this device is transmitting crash dumps from the guest to the host’s GuestDumps folder for the VM, using a specific file-naming format with truncated attacker controlled data at the front of the filename.

The file-writing request takes the process name as one of its inputs, which is truncated to 20 characters and incorporated into the filename. Due to a lack of sanitization, a traversal can be included, allowing the writing of controlled content to other files on the host operating system. A null-byte in the string can be used to bypass the extra bytes appended to the process name, as string conversion will stop processing at the first null-byte.

While the core vulnerability may not seem particularly novel, involving a standard directory traversal, a common method for handling appended content, and a size restriction, it is noteworthy for demonstrating a VM escape that exploits a vulnerability typically associated with web applications. The hard part in finding this is really just learning enough about operating systems to communicate over low-level PCI ports.