VMware ACE Release Notes
What's in These Release Notes
Build 79846 is a release build of VMware ACE 1.0.5. The release notes cover the following topics:
Key Features in VMware ACE
New in VMware ACE 1.0.5
Update to Address Security Issues
This release addresses several security issues in VMware ACE. See Resolved Issues.
New in VMware ACE 1.0.4
Update to Address Security Issues
This release addresses several security issues in VMware ACE. See Resolved Issues.
New in VMware ACE 1.0.3
Update to Address Security Issues
This release addresses several security issues and bugs in VMware ACE. See Resolved Issues.
New in VMware ACE 1.0.2
Update to Fix Security Vulnerability in NAT Networking
This release addresses a security vulnerability that has been discovered in VMware ACE. VMware believes that the vulnerability is very serious, and recommends that users install the VMware ACE 1.0.2 update or disable NAT networking. For more information, see the following Knowledge Base articles:
Key Features in VMware ACE 1.0.1
Support for BIOS Passwords
For enhanced security, the administrator can now set a BIOS password to
prevent unauthorized changes to a virtual machine's BIOS settings.
Drag and Drop Support
You can now use drag and drop to copy files between a virtual machine
running in a VMware ACE environment and the host computer. The administrator
who is configuring the virtual machine can enable or disable this feature.
In VMware ACE Manager, choose VM > Settings > Options
> Guest Isolation. The setting applies to the individual virtual machine.
Enhanced Full Screen Display
Running a VMware ACE environment in full screen mode does not change the
resolution of the host display. The VMware ACE environment adjusts
automatically if the host's display resolution changes while VMware ACE is
running. If the VMware ACE environment's display resolution is higher than
that of the host, scroll bars allow the user to move to all parts of the
VMware ACE display. And VMware ACE is now aware of multiple monitors, if
they are configured on the host. These enhancements improve the end-user
experience.
New Guest Operating Systems
This release adds support for the following guest operating systems and
operating system updates:
- Windows Server 2003 Service Pack 1
- Novell Linux Desktop 9
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 3 Update 4
- Red Hat Enterprise Linux 3 Update 3
- Red Hat Enterprise Linux 2.1 Update 6
- SUSE LINUX Enterprise Server 9 Service Pack 1
- SUSE LINUX 9.2
Key Features in VMware ACE 1.0
Manageability
- Design once, deploy anywhere. Create standardized hardware-independent
PC environments and deploy them to any PC throughout the extended enterprise.
- Virtual Rights Management interface. Control VMware ACE lifecycle,
security settings, network settings, system configuration and user
interface capabilities.
Security
- Rules-based network access. Identify and quarantine unauthorized or
out-of-date VMware ACE environments. Enable access to the network once
the VMware ACE environment complies with IT policies.
- Tamper-resistant computing environment. Protect the entire VMware
ACE environment, including data and system configuration, with seamless
encryption.
- Copy protected computing environment. Prevent end users from copying
enterprise information.
Usability
- Customizable interface. Customize the behavior and look and feel for
end users.
- Flexible computing environment. End users can revert to a previous
state within seconds and can work online or when disconnected from the
enterprise network.
Resolved Issues
Issues Resolved in VMware ACE 1.0.5
VMware ACE 1.0.5 fixes the following security-related bugs:
- An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain the privileges under which authd is executing.
bug 235402, (Foundstone CODE-BUG-H-001)
- An internal security audit determined that a malicious user could exploit an insecurely created named pipe object to escalate privileges or create a denial-of-service attack.
bug 235831, (Foundstone CODE-BUG-H-002)
- A security vulnerability in OpenSSL 0.9.7j could make it possible to forge an RSA key signature. VMware ACE 1.0.5 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability.
bug 236969, RSA Signature Forgery (CVE-2006-4339)
- This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities.
bug 237046
- A vulnerability in VMware ACE running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations.
bug 239998, (CORE-2007-0930)
- The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
bug 241647
- The config.ini file could be modified by a non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges.
bug 241676
Issues Resolved in VMware ACE 1.0.4
VMware ACE 1.0.4 fixes the following security-related bugs:
- This release fixes several security vulnerabilities in the VMware DHCP server that could enable a malicious web page to gain system-level privileges.
Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063.
- This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.
Thanks to Rafal Wojtczuk of McAfee for identifying and reporting this issue.
- This release fixes a security vulnerability that could allow a guest operating system user without administrator privileges to cause a host process to become unresponsive or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.
Thanks to Rafal Wojtczuk of McAfee for identifying and reporting this issue.
- This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message "VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred." This problem could result in a security vulnerability from some images stored in virtual machines downloaded by the user.
- This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4059.
- This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4155.
- This release fixes a problem that could result in a security vulnerability from some images stored in virtual machines downloaded by the user.
- This release fixes a security vulnerability in which VMware ACE was starting registered Windows services such as the Authorization service with "bare" (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability could allow a malicious user to escalate user privileges.
Thanks to Foundstone for discovering this vulnerability.
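The unquoted-path condition described in the last item above can be checked by auditing each service's ImagePath value. The following is an added example, not code from VMware or from these release notes; the service names and paths are constructed, and the extension list used to find where the executable path ends is an assumption of the example.

```python
import re

# The executable part of an unquoted command line ends at the first
# recognised extension that is followed by whitespace or end of string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd|sys)(?=\s|$)", re.IGNORECASE)

def audit_image_path(image_path):
    """Classify one service ImagePath value.

    Returns (status, suggestion):
      ("ok", None)         quoted, or no space in the executable path
      ("unquoted", fixed)  space in an unquoted executable path; fixed is quoted
      ("review", None)     cannot tell where the executable path ends
    """
    value = image_path.strip()
    if value.startswith('"'):
        # A balanced leading quote delimits the executable unambiguously.
        return ("ok", None) if value.find('"', 1) != -1 else ("review", None)
    if " " not in value:
        return ("ok", None)
    match = _EXE_END.search(value)
    if match is None:
        return ("review", None)        # spaces but no recognisable executable
    exe, args = value[:match.end()], value[match.end():].strip()
    if " " not in exe:
        return ("ok", None)            # the only spaces are in the arguments
    return ("unquoted", f'"{exe}" {args}'.strip())

# Constructed sample values, shaped like ImagePath entries under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>; not taken from a real host.
SAMPLES = {
    "ExampleAuthSvc": r"C:\Program Files\Example Vendor\service.exe",
    "ExampleNetSvc": r"C:\Program Files\Example Vendor\netsvc.exe -s 8",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\dhcpsvc.exe" -f',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

def audit_all(services):
    """Return {service name: suggested ImagePath} for every unquoted entry."""
    results = {name: audit_image_path(path) for name, path in services.items()}
    return {n: fix for n, (status, fix) in results.items() if status == "unquoted"}

if __name__ == "__main__":
    for name, fixed in audit_all(SAMPLES).items():
        print(f"{name}: unquoted path, suggested ImagePath = {fixed}")
```

Entries reported as "review" have spaces but no recognisable executable extension and need a manual look.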
In addition, VMware ACE 1.0.4 fixes the following problems:
- This release fixes the following problem: in virtual machines running Red Hat Linux with kernel version 2.4.2, installing VMware Tools and selecting the default display resolution (800 x 600) causes the virtual machine to become unresponsive.
Issues Resolved in VMware ACE 1.0.3
VMware ACE 1.0.3 fixes the following security-related bugs:
- Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted. (bug 147252)
Thanks to Tavis Ormandy of Google for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1337 to this issue.
- Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems. (bug 148912)
Thanks to Sungard Ixsecurity for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1877 to this issue.
- Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems. A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment. (bug 141804)
Thanks to Ruben Santamarta of Reversemode for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
- In a 64-bit Windows guest on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine's register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures. (bug 152159)
Thanks to Ken Johnson for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1876 to this issue.
- Shared Folders is a feature that enables users of guest operating systems to access a specified set of folders in the host's file system. A vulnerability exists that could allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the Shared Folder feature is enabled by default, no folders are shared by default, which means this vulnerability is not exploitable by default. (bug 154114)
Thanks to Greg MacManus of iDefense Labs for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1744 to this issue.
- A malicious user could make plaintext additions to the encrypted preferences file by overwriting the file while VMware Player is running. (bug 117010)
In addition, VMware ACE 1.0.3 fixes the following problems:
- In the previous ACE release, if you added a USB controller to a Windows virtual machine on
a Windows host and booted the virtual machine, the USB controller failed to initialize, with
the message "A supported host USB driver not found". (bug 104046)
- A problem with powering on virtual machines resulted from corruption of the
preferences file. (bug 115699)
- A problem with VMware Tools caused the guest to run out of memory. (bugs 142230 and 27791)
- The virtual machine fails to power on with error message "Access to this virtual machine blocked. An error was encountered while checking if this VM was encrypted properly." (bug 87751)
Issues Resolved in VMware ACE 1.0.1
- Virtual machine hangs when host wakes from hibernation (bug 24033)
- Encrypted virtual machines fail to install with no error message if
there is not enough disk space (bug 52990)
- Reboot of host computer needed to enable advanced network quarantine
(bug 53798)
- Packages created under an evaluation copy of VMware ACE Manager were not
correctly updated by the paid copy of VMware ACE Manager (bug 60930)
- Tab key behaves like Alt-Tab in Japanese Windows 95 guest after
Ctrl-Alt-Del or Ctrl-Alt-Ins is cancelled (bug 61031)
- Host quarantine's zone detection feature sometimes did not work
correctly (bug 61209)
- Segmentation fault when running certain Java commands under SUSE LINUX
9.1 (bug 61300)
- Double-clicking the VMware ACE title bar changes the resolution of the
guest operating system display while switching to full screen mode (bug
62615)
- Guest operating system freezes when laptop host computer is undocked
from a docking station with a USB controller (bug 62959)
- Windows NT guest fails on Windows 2000 host (bug 64631)
- End user must minimize VMware ACE to view help (bug 66089)
Before You Get Started
Installing on a Computer with a Different VMware
Product
VMware ACE Manager cannot be installed on a computer with
VMware Workstation or VMware GSX Server installed. If you have one of
these products installed on the computer where you plan to install VMware
ACE Manager, use the Add/Remove Programs control panel to
remove the existing product, then install VMware ACE Manager.
You may install VMware ACE Manager on a computer that has
VMware Remote Console or VMware VirtualCenter installed.
Follow the same guidelines for the VMware ACE application installed on
end users' computers.
Creating and Adding Virtual Machines
You can create new virtual machines in a VMware ACE project.
VMware ACE also allows you to use an existing virtual
machine, created under VMware Workstation 4.x or VMware GSX Server 3.x,
in a project.
Install the Latest Version of VMware Tools
If you use existing virtual machines -- either virtual machines created
in a different VMware product or virtual machines created in an earlier
release of VMware ACE -- be sure to install the version of VMware Tools
included in this release (VM > Install VMware Tools).
The New Package Wizard prevents you from creating a package if the
virtual machines do not have the current version of VMware Tools.
Known Issues
The following are known issues with VMware Server 1.
- When you attempt to install VMware ACE 1.0.x on a host that already has a higher 1.0.x or 2.0 version of ACE installed, the installation incorrectly indicates that a previous version of ACE is installed. If you proceed with the installation, the higher version of VMware ACE is uninstalled and replaced with the lower version. If you want to install VMware ACE 1.0.x on a host that already has a higher 1.0.x or 2.0 version of VMware ACE installed, you must manually uninstall the newer version before proceeding with the installation of the older version.
- In the Japanese version of VMware ACE, text is corrupted in the installer during upgrades from VMware ACE versions 1.00, 1.0.1, 1.0.2, 1.0.3, or 1.0.4 to VMware ACE version 2.0.x.
If you encounter any of the issues listed below, click the appropriate link
or go to the VMware knowledge base (www.vmware.com/support/kb) and enter the article number
as your search term.
You may also view a list of all knowledge base articles related to
VMware ACE 1.0.1.