VMware Communities
CaptainLeonidas
Enthusiast
Enthusiast
‎11-18-2009 03:00 AM

support packs and older versions of workstation.

Copied from http://secunia.com

-

shinnai has discovered a vulnerability in multiple VMware products,

which can be exploited by malicious people to cause a DoS (Denial of

Service).

The vulnerability is caused due to an error in the VMware Authorization

Service when processing login requests. This can be exploited to

terminate the "vmware-authd" process via "USER" or "PASS" strings

containing e.g. '\xFF' characters, sent to TCP port 912.

The vulnerability is confirmed in vmware-authd.exe version 6.5.3.8888

included in VMware Workstation 6.5.3 build 185404, and reported in

VMware Player 2.5.3 build 185404 and VMware ACE 2.5.3. Other versions

may also be affected.

The solution listed is to restrict the port to trusted users only.

-

My question however is this: Does having a valid support pack entitle you to a patch to permantenty solve this issue? Or has support been suspended altogether regardless of support packs or not?

Intel Smackover x58-chipset

Intel i7 965

6GB DDR3

Radeon HD4870 1GB VRAM (5870 version ordered)

Vista Bus. x64/Windows 7 Ulti x64

VMware Workstation 7.x User VMware ESXi 3.5.x/4.x Admin
0 Kudos
1 Reply
continuum
Immortal
Immortal
‎11-18-2009 03:22 AM

never heard that VMware release patches for Workstation , Player or ACE.

If this is a serious issue I would expect we see an updated 6.5.4 instead.






___________________________________

VMX-parameters- VMware-liveCD - VM-Sickbay


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos