VMware Communities

support packs and older versions of workstation.

Copied from http://secunia.com


shinnai has discovered a vulnerability in multiple VMware products,

which can be exploited by malicious people to cause a DoS (Denial of


The vulnerability is caused due to an error in the VMware Authorization

Service when processing login requests. This can be exploited to

terminate the "vmware-authd" process via "USER" or "PASS" strings

containing e.g. '\xFF' characters, sent to TCP port 912.

The vulnerability is confirmed in vmware-authd.exe version

included in VMware Workstation 6.5.3 build 185404, and reported in

VMware Player 2.5.3 build 185404 and VMware ACE 2.5.3. Other versions

may also be affected.

The solution listed is to restrict the port to trusted users only.


My question however is this: Does having a valid support pack entitle you to a patch to permantenty solve this issue? Or has support been suspended altogether regardless of support packs or not?

Intel Smackover x58-chipset

Intel i7 965


Radeon HD4870 1GB VRAM (5870 version ordered)

Vista Bus. x64/Windows 7 Ulti x64

VMware Workstation 7.x User VMware ESXi 3.5.x/4.x Admin
0 Kudos
1 Reply

never heard that VMware release patches for Workstation , Player or ACE.

If this is a serious issue I would expect we see an updated 6.5.4 instead.


VMX-parameters- VMware-liveCD - VM-Sickbay

Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos