VMware Revs Products to Fix Security Vulnerabilities

analysis
May 2, 2007


VMware just released minor dot revisions to their virtualization platforms in order to address a set of security issues.

A common set of security problems was addressed across each of the platforms (VMware Player, Workstation, ACE and Server).

  • Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted. Thanks to Tavis Ormandy of Google for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1337 to this issue.
  • Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems. Thanks to Sungard Ixsecurity for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1877 to this issue.
  • Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems. A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment. Thanks to Ruben Santamarta of Reversemode for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
  • In a 64-bit Windows guest on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine’s register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures. (bug 152159) Thanks to Ken Johnson for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1876 to this issue.

In addition, VMware Player 1.0.4 Build 44386 addresses the following issue:

  • A problem with VMware Tools causing the guest to run out of memory.

You can download Player here.

In addition, VMware Workstation 5.5.4 Build 44386 addresses the following security issue:

  • Shared Folders is a feature that enables users of guest operating systems to access a specified set of folders in the host’s file system. A vulnerability exists that could allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the Shared Folder feature is enabled by default, no folders are shared by default, which means this vulnerability is not exploitable by default.

    Thanks to Greg MacManus of iDefense Labs for identifying this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1744 to this issue.
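The advisory makes exploitability hinge on a single condition: whether any folder is actually shared with the guest. The script below, added here and not part of VMware's release notes, audits a .vmx configuration for that condition. It parses the `key = "value"` format, lists the shares that are both present and enabled (with their host paths and whether the guest has write access), and reports whether the Shared Folders back end has been disabled outright. The key names `sharedFolderN.present`, `.enabled`, `.hostPath`, `.writeAccess`, `sharedFolder.maxNum` and `isolation.tools.hgfs.disable` are taken from VMware's .vmx configuration format as generally documented, not from this page, so verify them against the product version in use; the sample configuration is constructed.

```python
"""Audit a VMware .vmx file for Shared Folders exposure.

Added illustration, not VMware code. The .vmx key names used here
(sharedFolder.maxNum, sharedFolderN.present/.enabled/.hostPath/
.writeAccess, isolation.tools.hgfs.disable) follow VMware's documented
configuration format; confirm them against the installed version.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: one writable share configured, HGFS not disabled
# (the hardening key is present only as a comment, so it has no effect).
SAMPLE_VMX = '''
.encoding = "UTF-8"
config.version = "8"
displayName = "win-guest"
sharedFolder.maxNum = "1"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\\Users\\mark\\Exchange"
sharedFolder0.guestName = "Exchange"
# isolation.tools.hgfs.disable = "TRUE"
'''

# key = "value"; the quotes around the value are optional in practice.
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse .vmx lines into a dict; blank lines and # comments are skipped."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _LINE.match(stripped)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def _is_true(value: str) -> bool:
    """VMware writes booleans as TRUE/FALSE; compare case-insensitively."""
    return value.strip().upper() == "TRUE"


@dataclass
class Share:
    index: int
    host_path: str
    writable: bool


@dataclass
class Audit:
    hgfs_disabled: bool
    shares: List[Share] = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        # Matches the advisory's condition: the feature is reachable and
        # at least one folder is actually shared.
        return not self.hgfs_disabled and bool(self.shares)


def audit_shared_folders(cfg: Dict[str, str]) -> Audit:
    """Collect active shares and the HGFS kill-switch state from a parsed .vmx."""
    hgfs_disabled = _is_true(cfg.get("isolation.tools.hgfs.disable", "FALSE"))
    shares: List[Share] = []
    # Enumerate every sharedFolderN.present key rather than trusting maxNum,
    # so stale or hand-edited entries are not missed.
    for key, val in cfg.items():
        m = re.fullmatch(r"sharedFolder(\d+)\.present", key)
        if not m or not _is_true(val):
            continue
        i = int(m.group(1))
        # A share that is present but disabled is not active.
        if not _is_true(cfg.get(f"sharedFolder{i}.enabled", "FALSE")):
            continue
        shares.append(Share(
            index=i,
            host_path=cfg.get(f"sharedFolder{i}.hostPath", ""),
            writable=_is_true(cfg.get(f"sharedFolder{i}.writeAccess", "FALSE")),
        ))
    return Audit(hgfs_disabled, sorted(shares, key=lambda s: s.index))


def report(audit: Audit) -> str:
    """Human-readable summary of an audit result."""
    lines = [f"hgfs disabled: {audit.hgfs_disabled}", f"exposed: {audit.exposed}"]
    for s in audit.shares:
        mode = "read/write" if s.writable else "read-only"
        lines.append(f"  share {s.index}: {s.host_path} ({mode})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit_shared_folders(parse_vmx(SAMPLE_VMX))))
```

Running the script against a real configuration (read the file and pass its text to `parse_vmx`) gives a quick inventory of which guests fall under the advisory's "at least one folder shared" condition; a configuration with `isolation.tools.hgfs.disable = "TRUE"` is reported as not exposed regardless of the share entries it still carries.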

You can download Workstation here.

In addition, VMware ACE 1.0.3 addresses the following issues:

  • A malicious user could make plaintext additions to the encrypted preferences file by overwriting the file while VMware Player is running. (bug 117010)

  • In the previous ACE release, if you added a USB controller to a Windows virtual machine on a Windows host and booted the virtual machine, the USB controller failed to initialize, with the message “A supported host USB driver not found”. (bug 104046)

  • A problem with powering on virtual machines resulted from corruption of the preferences file. (bug 115699)

  • A problem with VMware Tools caused the guest to run out of memory. (bugs 142230 and 27791)

  • The virtual machine fails to power on with the error message “Access to this virtual machine blocked. An error was encountered while checking if this VM was encrypted properly.” (bug 87751)

You can download ACE here.

In addition, VMware Server 1.0.3 addresses the following issues:

  • This release fixes a problem with VMware Tools that caused the guest to run out of memory.

  • VMware Server 1.0.3 fixes a bug introduced in the VMware Server version 1.0.2 VIX API. As a result of this bug, if Vix_ReleaseHandle(vmhandle) and VixHost_Disconnect(hosthandle) are called, a crash occurs in VixHost_Disconnect(). This crash is accompanied by the following error message:

    VMware Server Error:

    VMware Server unrecoverable error: (app)

    ASSERT /build/mts/release/bora-39867/pompeii2005/bora/lib/vmdb/vmdbCtx.c:487 bugNr=23952

    A log file is available in “/tmp/vmware-mark/vix-3749.log”. Please request support and include the contents of the log file.

    To collect files to submit to VMware support, run vm-support.

    We will respond on the basis of your support entitlement.

You can download Server here.