VMware GSX Server/Workstation Host Operating System Compromise Vulnerability

VMware GSX Server/Workstation Host Operating System Compromise Vulnerability

Solution:
The vendor has addressed this issue in GSX Server 2.5.1 patch 1 / VMWare Workstation 4.0.1. Users are advised to contact the vendor for upgrade details.

** August 02, 2003: VMWare has released a new version of VMWare Workstation that is not vulnerable, Workstation 3.2.1 patch 1. It is available at:

http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST3-LX-ESD

Upgrade instructions are available at:

http://www.vmware.com/support/ws3/doc/upgrade_ws.html

Gentoo has released a new security advisory (200308-03.1) to address this issue. It has been discovered that the previously announced upgrade did not in fact address this vulnerability. As a result, Gentoo users affected by this issue are advised to upgrade by issuing the following series of commands:

emerge sync
emerge \=app-emulation/vmware-workstation/vmware-workstation-4.0.2.5592
emerge clean

See new advisory for further details.