Copied from http://secunia.com
-
shinnai has discovered a vulnerability in multiple VMware products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error in the VMware Authorization
Service when processing login requests. This can be exploited to
terminate the "vmware-authd" process via "USER" or "PASS" strings
containing e.g. '\xFF' characters, sent to TCP port 912.
The vulnerability is confirmed in vmware-authd.exe version 6.5.3.8888
included in VMware Workstation 6.5.3 build 185404, and reported in
VMware Player 2.5.3 build 185404 and VMware ACE 2.5.3. Other versions
may also be affected.
The solution listed is to restrict the port to trusted users only.
-
My question however is this: Does having a valid support pack entitle you to a patch to permantenty solve this issue? Or has support been suspended altogether regardless of support packs or not?
Intel Smackover x58-chipset
Intel i7 965
6GB DDR3
Radeon HD4870 1GB VRAM (5870 version ordered)
Vista Bus. x64/Windows 7 Ulti x64
VMware Workstation 7.x User
VMware ESXi 3.5.x/4.x Admin