shinnai has discovered a vulnerability in multiple VMware products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the "vmware-authd" process via "USER" or "PASS" strings containing e.g. '\xFF' characters, sent to TCP port 912.
The vulnerability is confirmed in vmware-authd.exe version 184.108.40.20688 included in VMware Workstation 6.5.3 build 185404, and reported in VMware Player 2.5.3 build 185404 and VMware ACE 2.5.3. Other versions may also be affected.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: VMware Authorization Service Denial of Service Vulnerability
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.