The host is installed with VMWare product(s) that are vulnerable to Denial of Service vulnerability.

Successful exploitation allow attackers to execute arbitrary code on the affected application and causes the Denial of Service. Impact Level: Application

Upgrade to player 3.0.1 build 227600 or 2.5.4 build 246459, http://www.vmware.com/products/player/ Upgrade to VMware ACE 2.6.1 build 227600 or 2.5.4 build 246459 http://www.vmware.com/products/ws/ Upgrade VMware Workstation 7.0.1 build 227600 and 6.5.4 build 246459 http://www.vmware.com/download/ace/ Apply workaround for VMware Server version 2.x, http://www.vmware.com/resources/techresources/726 ***** NOTE: Ignore this warning, if above mentioned workaround is manually applied. *****

The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.

VMware Server 2.x VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459 VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459 VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459

• http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
• http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
• http://lists.vmware.com/pipermail/security-announce/2010/000090.html
• http://www.vmware.com/security/advisories/VMSA-2010-0007.html

---

Updated on 2015-03-25