VMware Player Release Notes
Notes on VMware Player 1.0.6, Build 79688
Build 79688 is a release build of VMware Player.
The release notes contain the following:
New in Version 1.0.6
VMware Player 1.0.6 addresses the following security issues:
- An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain the privileges under which authd is executing.
bug 221309 (Foundstone CODE-BUG-H-001)
- This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities.
bug 224453
- A vulnerability in VMware Player running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations.
bug 224522, (CORE-2007-0930)
- A security vulnerability in OpenSSL 0.9.7j could make it possible to forge an RSA key signature. VMware Player 1.0.6 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability.
bug 236970, RSA Signature Forgery (CVE-2006-4339)
- The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
bug 241646
- The config.ini file could be modified by a non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges.
bug 241675
New in Version 1.0.5
VMware Player 1.0.5 addresses the following security issues:
- This release fixes several security vulnerabilities in the VMware DHCP server that could enable a malicious web page to gain system-level privileges.
Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063.
- This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.
Thanks to Rafal Wojtczuk of McAfee for identifying and reporting this issue.
- This release fixes a security vulnerability that could allow a guest operating system user without administrator privileges to cause a host process to become unresponsive or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.
Thanks to Rafal Wojtczuk of McAfee for identifying and reporting this issue.
- This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4059.
- This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4155.
- This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message "VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred." This problem could result in a security vulnerability from images stored in virtual machines downloaded by the user.
- This release fixes a security vulnerability in which VMware Player was starting registered Windows services such as the Authorization service with "bare" (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability could allow a malicious user to escalate user privileges.
Thanks to Foundstone for discovering this vulnerability.
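An audit check for the "bare" service path problem described above, added here as an example and not taken from VMware's code. The service names and paths are constructed samples, and the rule for where the program part of an unquoted path ends is a heuristic assumption.

```python
import re

# Constructed sample of (service name, ImagePath) pairs; not real VMware values.
SAMPLE_SERVICES = [
    ("ExampleAuthSvc", r'C:\Program Files\Example Vendor\authsvc.exe'),
    ("ExampleQuoted", r'"C:\Program Files\Example Vendor\netsvc.exe" -k run'),
    ("ExampleNoSpace", r'C:\Windows\System32\svchost.exe -k netsvcs'),
    ("ExampleArgs", r'C:\Program Files\Example Vendor\dhcp svc.exe --config C:\cfg dir\a.ini'),
]

# Heuristic (assumption): the program part of an unquoted ImagePath ends at the
# first executable extension that is followed by whitespace or end of string.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split a service ImagePath into (program, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unbalanced quote: treat the remainder as the program
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False


def audit_service(name, image_path):
    """Return a finding if the program path is unquoted and contains a space."""
    program, args, quoted = split_image_path(image_path)
    if quoted or " " not in program:
        return None
    suggested = f'"{program}"' + (f" {args}" if args else "")
    return {"service": name, "program": program, "suggested": suggested}


def audit_all(services):
    """Audit every (name, ImagePath) pair and keep only the findings."""
    findings = (audit_service(n, p) for n, p in services)
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for f in audit_all(SAMPLE_SERVICES):
        print(f'{f["service"]}: quote as {f["suggested"]}')
```

On a live host, the input would be the ImagePath value of each key under HKLM\SYSTEM\CurrentControlSet\Services.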
New in Version 1.0.4
VMware Player 1.0.4 addresses the following security issues:
- Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted.
Thanks to Tavis Ormandy of Google for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1337 to this issue.
- Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
Thanks to Sungard Ixsecurity for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1877 to this issue.
- Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems. A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment.
Thanks to Ruben Santamarta of Reversemode for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
- In a 64-bit Windows guest on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine's register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures. (bug 152159)
Thanks to Ken Johnson for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1876 to this issue.
In addition, VMware Player 1.0.4 fixes the following problem:
- A problem with VMware Tools caused the guest to run out of memory.
New in Version 1.0.3
Updated Support for Host Operating Systems
VMware Player 1.0.3 adds support for the following host operating systems:
- Red Hat Enterprise Linux 4.0, Update 4 (AS, ES, WS), 32-bit and 64-bit
- Red Hat Enterprise Linux 3.0, Update 8 (AS, ES, WS), 32-bit and 64-bit
- Experimental support for Red Hat Enterprise Linux 5.0, 32-bit and 64-bit
- Mandriva Corporate Server 4, 32-bit and 64-bit
- Experimental support for Mandriva Linux 2007, 32-bit and 64-bit
- Experimental support for Ubuntu Linux 6.10, 32-bit and 64-bit
Updated Support for Guest Operating Systems
VMware Player 1.0.3 adds support for the following guest operating systems:
- Red Hat Enterprise Linux 4.0, Update 4 (AS, ES, WS), 32-bit and 64-bit
- Red Hat Enterprise Linux 3.0, Update 8 (AS, ES, WS), 32-bit and 64-bit
- Experimental support for Red Hat Enterprise Linux 5.0, 32-bit and 64-bit
- Experimental enhanced support for Microsoft Windows Vista, 32-bit and 64-bit
- Mandriva Corporate Server 4, 32-bit and 64-bit
- Experimental support for Mandriva Linux 2007, 32-bit and 64-bit
- Experimental support for Solaris x86 10 6/06 (Update 2), 32-bit and 64-bit
- Experimental support for Ubuntu Linux 6.10, 32-bit and 64-bit
New in Version 1.0.2
Updated Support for Host Operating Systems
VMware Player 1.0.2 adds support for the following host operating systems:
- Windows Server 2003 R2, 32-bit, 64-bit
- Mandriva Linux 2006, 32-bit, 64-bit
- SUSE Linux Enterprise Server 10, 32-bit, 64-bit
- SUSE Linux Enterprise Server 9 SP3, 32-bit, 64-bit
- SUSE Linux 10.1, 32-bit, 64-bit
- Red Hat Enterprise Linux 3.0 update 7, 32-bit, 64-bit
- Experimental support for Red Hat Enterprise Linux 3.0 Update 8, 32-bit, 64-bit
- Red Hat Enterprise Linux 4.0 Update 3, 32-bit, 64-bit
- Experimental support for Red Hat Enterprise Linux 4.0 Update 4, 32-bit, 64-bit
- Ubuntu Linux 6.06, 32-bit, 64-bit
- Ubuntu Linux 5.10, 32-bit, 64-bit
- Ubuntu Linux 5.04, 32-bit, 64-bit
Updated Support for Guest Operating Systems
VMware Player 1.0.2 adds support for the following guest operating systems:
- Windows Server 2003 R2, 32-bit, 64-bit
- Mandriva Linux 2006, 32-bit, 64-bit
- SUSE Linux Enterprise Server 10, 32-bit, 64-bit
- SUSE Linux Enterprise Server 9 SP3, 32-bit, 64-bit
- SUSE Linux 10.1, 32-bit, 64-bit
- Red Hat Enterprise Linux 3.0 update 7, 32-bit, 64-bit
- Experimental support for Red Hat Enterprise Linux 3.0 Update 8, 32-bit, 64-bit
- Red Hat Enterprise Linux 4.0 Update 3, 32-bit, 64-bit
- Experimental support for Red Hat Enterprise Linux 4.0 Update 4, 32-bit, 64-bit
- Novell Netware 6.5 SP3, 32-bit
- Experimental support for FreeBSD 6.1, 32-bit, 64-bit
- Experimental support for FreeBSD 6.0, 32-bit, 64-bit
- Experimental support for Solaris x86 10, 10 Update 1, 32-bit, 64-bit
- Ubuntu Linux 6.06, 32-bit, 64-bit
- Ubuntu Linux 5.10, 32-bit, 64-bit
- Ubuntu Linux 5.04, 32-bit, 64-bit
Change in End User License Agreement (EULA) Display
VMware Player no longer displays the End User License Agreement (EULA) at installation. The EULA is now displayed when you launch VMware Player.
New in Version 1.0.1
This release addresses a security vulnerability that has been discovered in VMware Player. VMware believes that the vulnerability is very serious, and recommends that users install the VMware Player 1.0.1 update or disable NAT networking. For more information, see the following Knowledge Base articles:
Key Features in Version 1.0
Work and Play In a Virtual World with VMware Player
VMware Player is a free desktop application that lets you run a virtual machine on a Windows or Linux PC.
VMware Player provides an intuitive user interface for running preconfigured virtual machines created with VMware Workstation, GSX Server, and ESX Server. On Windows hosts, VMware Player also opens and runs Microsoft Virtual PC and Virtual Server virtual machines and Symantec LiveState Recovery system images. VMware Player includes features that let you configure virtual machines for optimal performance and take advantage of host machine devices. VMware Player enables you to share your virtual machines with colleagues, partners, customers, and clients who may not own VMware products. Simply by downloading VMware Player, anyone can open and run compatible virtual machines.
Download VMware Player and Virtual Machines
You can download VMware Player from
www.vmware.com/download/player/.
You can download documentation for the VMware Player at
www.vmware.com/pdf/VMwarePlayerManual10.pdf.
You can download a virtual machine to use with VMware Player at
www.vmware.com/vmtn/vm/.
Known issues with VMware Player
- On Windows hosts, if you use Workstation to shrink a virtual disk while VMware Player is running, after the shrink process completes, the display resolution for the guest running in the player incorrectly changes to the maximum available for the host video card and monitor.
To work around this problem, reset the display resolution manually for the guest running in the player.
- VMware Player does not support the configuration option that sets virtual machines to enter full screen mode after powering on.
This option is set in the configuration (.vmx) file:
gui.fullScreenAtPowerOn = "TRUE"
If this option is set (for example, because the virtual machine is used in Workstation with this setting), VMware Player enters full screen mode, but the menu and tool bar at the top of the window are not displayed.