CVE-2024-6154 - Parallels Desktop Toolgate Heap-Based Buffer Overflow Leading to Local Privilege Escalation

Parallels Desktop is a widely-used application for running virtual machines (VMs) on macOS. It’s popular among developers, testers, and regular users who want Windows or Linux environments on their Mac. But like all software, it’s not immune to vulnerabilities. In June 2024, a critical flaw—CVE-2024-6154—was disclosed. This post breaks down the vulnerability in simple terms, details how it works, shows code snippets for understanding, and explains its exploitation process.

Overview of CVE-2024-6154

Name: Parallels Desktop Toolgate Heap-Based Buffer Overflow Local Privilege Escalation
CVE ID: CVE-2024-6154
ZDI Reference: ZDI-CAN-20450
Severity: High
Impact: Local Privilege Escalation (LPE)
Affected Component: Toolgate (part of Parallels Tools)
Attack Vector: Local (attacker must execute code inside a guest VM)

Why Does This Matter?

A buffer overflow like this can let a malicious user running in a VM “break out” and execute code on the macOS host, effectively escaping from the sandboxed world of the VM. This is a big risk in multi-user and shared environments.

What is Parallels Toolgate?

Toolgate is a communication component that lets the VM and the host system exchange data and commands. It’s part of the Parallels Tools suite, which provides things like clipboard sharing and seamless mouse integration.

What’s the Bug?

The Toolgate service doesn’t properly check the size of incoming data before copying it into a memory buffer located on the heap. If a crafted, oversized message is sent, this code writes outside the bounds of the buffer—a classic heap-based buffer overflow.

Vulnerable Code Pattern (Pseudo-C)

void handle_message(char *data, size_t length) {
    char buffer[256];
    // No check on 'length' size!
    memcpy(buffer, data, length);  // Vulnerable: can overflow 'buffer'
}

There’s no validation to ensure length doesn’t exceed buffer’s capacity (256 bytes in this example). An attacker-controlled VM can send a malicious message longer than that, and the Toolgate service on the host will overwrite adjacent memory.

Potential Impact

- Escalate Privileges: A low-privileged user in a VM could potentially run code as a higher-privileged user on the host macOS.

Arbitrary Code Execution: Attackers could execute payloads or even install malware on the host.

- VM Escape: In security environments (like malware analysis sandboxes), a guest could “escape” into the host.

Exploitation Flow (How Attackers Leverage It)

1. Attack Preparation: The attacker must be able to run code inside a Parallels guest VM (not just have access, but actually execute binaries or scripts).
2. Malicious Payload: The attack code crafts an oversized message to send via Toolgate, containing malicious shellcode or instructions.
3. Send Message: The crafted payload is sent to the Toolgate IPC (local socket or shared memory channel provided by Parallels Tools).
4. Buffer Overflow Occurs: Toolgate service on the host copies data into a fixed-size buffer unchecked, causing overflow.
5. Hijack Execution: By overwriting control structures or function pointers (like vtables or return addresses), the attack code makes Toolgate execute the payload on the host.

Proof of Concept (Educational Only!)

Below is a simplified *example* (not a real exploit) just for educational purposes. This shows the idea: sending too much data to a service that does not check sizes.

Python Code Snippet: Sending Malicious Buffer From Guest VM

import socket

# Substitute with actual Toolgate socket path from Parallels
TOOLGATE_SOCKET = '/var/run/parallels-toolgate.sock'
OVERFLOW_SIZE = 1024  # Way more than the 256 it expects

payload = b'A' * OVERFLOW_SIZE  # Overflow payload

with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
    try:
        s.connect(TOOLGATE_SOCKET)
        s.sendall(payload)
        print("[*] Payload sent!")
    except Exception as e:
        print(f"[!] Failed: {e}")

If the host’s Toolgate service uses this pattern, it would copy all those 'A's into too-small a buffer, possibly smashing function pointers or vtables and gaining control.

Parallels Users: What Should You Do?

1. Update Immediately: Parallels has released a patch. Update to the latest version of Parallels Desktop and Parallels Tools across all VMs.

Limit Privileged VM Access: Don’t let untrusted users run code inside any VM.

3. Monitor for Abnormal VM-to-Host Activity: Unexplained processes or traffic from the Tools suite could indicate abuse.

Always validate input lengths before using memcpy or similar functions.

- Use modern defenses like ASLR and stack cookies, but remember: heap overflows can sometimes bypass these.

Vendor Advisory:

Parallels Security Updates

Zero Day Initiative (ZDI) Advisory:

ZDI-24-541: Parallels Desktop Toolgate Heap Buffer Overflow

CVE Details:

CVE-2024-6154 Listing

General Buffer Overflow Reading:

OWASP: Buffer overflows

Conclusion

CVE-2024-6154 is a high-severity vulnerability affecting Parallels Desktop's Toolgate service, enabling local attacks from inside a VM to escalate privileges on the macOS host. The root cause is lack of length validation before memory copy operations—an old, yet still dangerous, class of bug. Update your installations, never trust data from inside VMs, and always apply defense-in-depth strategies.

Timeline

Published on: 06/20/2024 20:15:21 UTC
Last modified on: 06/21/2024 11:22:01 UTC