The host is installed with VMWare product(s) that are vulnerable to Denial of Service vulnerability.

Successful exploitation allow attackers to execute arbitrary code on the affected application and causes the Denial of Service. Impact Level: Application

Upgrade VMware ACE to 2.5.4 build 246459 or later, Upgrade VMware Player to 2.5.4 build 246459 or later, Upgrade VMware Workstation to 6.5.4 build 246459 or later, For updates refer to http://www.vmware.com

The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.

VMware ACE 2.5.3 and prior. VMware Player 2.5.3 build 185404 and prior. VMware Workstation 6.5.3 build 185404 and prior.

• http://secunia.com/advisories/36988
• http://securitytracker.com/alerts/2009/Oct/1022997.html

---

Updated on 2015-03-25