When hosted on Linux (Ubuntu 12.04), VMware Workstation 9.0.1 listens on TCP ports 443 and 902, on all network interfaces (0.0.0.0). This happens as soon as the host OS finishes booting, even if you don't launch the VMware GUI or start up any VM guests.
This creates a potential attack surface, on a machine which may be used on hostile networks, and normally has no listening TCP ports open.
Can these two listeners safely be stopped?
Or, can we reconfigure these listeners to bind only to the loopback address (127.0.0.1)?
Of course we could solve this issue by switching on the Linux firewall on the host, but this seems like using a sledgehammer to crack a nut! There's no business reason for VMware Workstation to bind to anything other than the loopback address, so it would be simpler if there was a change to the VMware startup scripts to solve the problem at source.
Thanks for any pointers!
- Martin.
vmware-authdlau 1419 root 8u IPv4 12139 0t0 TCP *:902 (LISTEN)
hostd-worker 1732 root 27u IPv4 8818 0t0 TCP *:https (LISTEN)
hostd-worker 1732 root 32u IPv4 8822 0t0 TCP localhost:8307 (LISTEN)
I haven't done it, however. If you're not going to use Shared VMs, then I see no harm in commenting out the above entries. It wouldn't permanently break anything, and you certainly can easily uncomment if/when necessary.
you could try to run without hostd in case you do not need it
Well, I'm a bit reluctant to edit the scripts in /etc/init.d/vmware* without knowing which daemons can safely be commented out.
The processes involved seem to be hostd-worker and vmware-authdlauncher:
# ps axwl | grep vmware-authdlau
5 0 1419 1 20 0 30168 908 poll_s Ss ? 0:00 /usr/sbin/vmware-authdlauncher
vmware-authdlau 1419 root 8u IPv4 12139 0t0 TCP *:902 (LISTEN)
hostd-worker 1732 root 27u IPv4 8818 0t0 TCP *:https (LISTEN)
hostd-worker 1732 root 32u IPv4 8822 0t0 TCP localhost:8307 (LISTEN)
Ah... Simpler than I thought! I've successfully bodged the VMware host startup scripts as follows.
1. In /etc/init.d/vmware
Comment out the line:
2. In /etc/init.d/vmware-workstation-server
After the line:
### END INIT INFO
Add two new lines:
echo Aborting launch of vmware-workstation-server
exit 0
After rebooting the host, the listeners on port 443 and 902 are no longer present. But the VMware Workstation still works perfectly when started successfully from the GUI (Ubuntu 12.04).
Is there a simple way to report this to VMware for review? It shouldn't be necessary to bodge their startup scripts to prevent unnecessary services from launching by default.
Kind regards,
- Martin
Have a look at: Making a VMware feature request
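As an added example (not from the thread, and not VMware's own tooling), here is a small shell check that parses `lsof` LISTEN output and reports every socket bound to something other than loopback, so after a change like Martin's you can confirm that no VMware daemon is still exposed on 0.0.0.0. The sample `lsof` text is constructed to mirror the output posted above, and the function names `exposed_listeners` and `count_exposed_vmware` are my own.

```shell
#!/bin/sh
# Constructed sample in the layout of `lsof -iTCP -sTCP:LISTEN` (not captured from a real host).
SAMPLE_LSOF='COMMAND          PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
vmware-authdlau 1419 root    8u  IPv4  12139      0t0  TCP *:902 (LISTEN)
hostd-worker    1732 root   27u  IPv4   8818      0t0  TCP *:https (LISTEN)
hostd-worker    1732 root   32u  IPv4   8822      0t0  TCP localhost:8307 (LISTEN)
cupsd            901 root    6u  IPv4   7001      0t0  TCP localhost:631 (LISTEN)'

# Read lsof output on stdin; print "COMMAND PID ADDRESS:PORT" for each LISTEN
# socket whose bind address is not loopback. Handles both numeric (-n/-P) and
# resolved forms: "*", "0.0.0.0", "[::]" and interface IPs are all reported;
# "127.x.x.x", "[::1]" and "localhost" are not.
exposed_listeners() {
  awk '$NF == "(LISTEN)" {
         addr = $(NF-1)
         sub(/:[^:]*$/, "", addr)      # drop ":port" (or ":service") after the last colon
         if (addr !~ /^127\./ && addr != "[::1]" && addr != "localhost")
           print $1, $2, $(NF-1)
       }'
}

# Number of exposed listeners belonging to VMware daemons in the sample.
# Expected to be 0 once the init scripts no longer start hostd/authd.
count_exposed_vmware() {
  printf '%s\n' "$SAMPLE_LSOF" | exposed_listeners | grep -c -E '^(vmware|hostd)' || true
}

# Demonstrate on the constructed sample. On a live host run instead:
#   lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
printf '%s\n' "$SAMPLE_LSOF" | exposed_listeners
echo "exposed VMware listeners: $(count_exposed_vmware)"
```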