• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VMware GSX Server/Workstation Host Operating System Compromise Vulnerability

Solution:
The vendor has addressed this issue in GSX Server 2.5.1 patch 1 / VMWare Workstation 4.0.1. Users are advised to contact the vendor for upgrade details.

** August 02, 2003: VMWare has released a new version of VMWare Workstation that is not vulnerable, Workstation 3.2.1 patch 1. It is available at:

http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST3-LX-ESD

Upgrade instructions are available at:

http://www.vmware.com/support/ws3/doc/upgrade_ws.html

Gentoo has released a new security advisory (200308-03.1) to address this issue. It has been discovered that the previously announced upgrade did not in fact address this vulnerability. As a result, Gentoo users affected by this issue are advised to upgrade by issuing the following series of commands:

emerge sync
emerge \=app-emulation/vmware-workstation/vmware-workstation-4.0.2.5592
emerge clean

See new advisory for further details.