VMware

Workstation 5.5 Release Notes

Features | Documentation | Knowledge Base | Discussion Forums

Release Date: November 06, 2008
Build Number: 126128

VMware Workstation lets you use your virtual machines to run Windows, Linux and a host of other operating systems side-by-side on the same computer. This Release Notes document contains new features, limitations, caveats, security fixes, and general release information.

This document covers the following topics:

What's New in VMware Workstation 5.5.x

This section lists all VMware Workstation 5.5.x maintenance releases.

What's New in Workstation 5.5.3

Workstation 5.5.3 supports the following:

  • Updated Support for Host Operating Systems
    • Red Hat Enterprise Linux 4.0, Update 4 (AS, ES, WS), 32-bit and 64-bit
    • Red Hat Enterprise Linux 3.0, Update 8 (AS, ES, WS), 32-bit and 64-bit
    • Experimental support for Red Hat Enterprise Linux 5.0, 32-bit and 64-bit
    • Mandriva Corporate Server 4, 32-bit and 64-bit
    • Experimental support for Mandriva Linux 2007, 32-bit and 64-bit
    • Experimental support for Ubuntu Linux 6.10, 32-bit and 64-bit
  • Updated Support for Guest Operating Systems
    • Red Hat Enterprise Linux 4.0, Update 4 (AS, ES, WS), 32-bit and 64-bit
    • Red Hat Enterprise Linux 3.0, Update 8 (AS, ES, WS), 32-bit and 64-bit
    • Experimental support for Red Hat Enterprise Linux 5.0, 32-bit and 64-bit
    • Experimental enhanced support for Microsoft Windows Vista, 32-bit and 64-bit
    • Mandriva Corporate Server 4, 32-bit and 64-bit
    • Experimental support for Mandriva Linux 2007, 32-bit and 64-bit
    • Experimental support for Solaris x86 10 6/06 (Update 2), 32-bit and 64-bit
    • Experimental support for Ubuntu Linux 6.10, 32-bit and 64-bit

What's New in Workstation 5.5.2

Workstation 5.5.2 provides the following support.

  • Updated Support for Host Operating Systems
    • Windows Server 2003 R2, 32-bit, 64-bit
    • Mandriva Linux 2006, 32-bit, 64-bit
    • SUSE Linux Enterprise Server 10, 32-bit, 64-bit
    • SUSE Linux Enterprise Server 9 SP3, 32-bit, 64-bit
    • SUSE Linux 10.1, 32-bit, 64-bit
    • Red Hat Enterprise Linux 3.0 update 7, 32-bit, 64-bit
    • Experimental support for Red Hat Enterprise Linux 3.0 Update 8, 32-bit, 64-bit
    • Red Hat Enterprise Linux 4.0 Update 3, 32-bit, 64-bit
    • Experimental support for Red Hat Enterprise Linux 4.0 Update 4, 32-bit, 64-bit
    • Ubuntu Linux 6.06, 32-bit, 64-bit
    • Ubuntu Linux 5.10, 32-bit, 64-bit
    • Ubuntu Linux 5.04, 32-bit, 64-bit
  • Updated Support for Guest Operating Systems
    • Windows Server 2003 R2, 32-bit, 64-bit
    • Mandriva Linux 2006, 32-bit, 64-bit
    • SUSE Linux Enterprise Server 10, 32-bit, 64-bit
    • SUSE Linux Enterprise Server 9 SP3, 32-bit, 64-bit
    • SUSE Linux 10.1, 32-bit, 64-bit
    • Red Hat Enterprise Linux 3.0 update 7, 32-bit, 64-bit
    • Experimental support for Red Hat Enterprise Linux 3.0 Update 8, 32-bit, 64-bit
    • Red Hat Enterprise Linux 4.0 Update 3, 32-bit, 64-bit
    • Experimental support for Red Hat Enterprise Linux 4.0 Update 4, 32-bit, 64-bit
    • Novell NetWare 6.5 SP5, 32-bit
    • Experimental support for FreeBSD 6.1, 32-bit, 64-bit
    • Experimental support for FreeBSD 6.0, 32-bit, 64-bit
    • Experimental support for Solaris x86 10, 10 Update 1, 32-bit, 64-bit
    • Ubuntu Linux 6.06, 32-bit, 64-bit
    • Ubuntu Linux 5.10, 32-bit, 64-bit
    • Ubuntu Linux 5.04, 32-bit, 64-bit
  • Updated End User License Agreement (EULA) Display
    Workstation 5.5.2 no longer displays the End User License Agreement (EULA) at installation. The EULA is now displayed when you launch Workstation.

What's New in Workstation 5.5.1

This release addresses a security vulnerability that has been discovered in Workstation. Since this issue is serious, VMware recommends that you install the Workstation 5.5.1 update or disable NAT networking. For more information, see the following Knowledge Base articles:

What's New in Workstation 5.5

Support for the following operating systems

Workstation 5.5 introduces support for virtual machines with 64-bit guest operating systems, running on host machines with the following processors: AMD™ Athlon™ 64, revision D or later; AMD Opteron™, revision E or later; AMD Turion™ 64, revision E or later, AMD Sempron™, 64-bit-capable revision D or later (experimental support); and Intel® EM64T VT-capable processors (experimental support). See Before You Begin.

64-bit guest operating system support added for Windows Vista x64 Edition (experimental), Windows Server 2003 SP1, Windows XP Pro, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 3, SUSE Linux 10, SUSE Linux Enterprise Server 9, SUSE Linux Pro 9.3, SUSE Linux Pro 9.2, SUSE Linux Pro 9.1, Solaris 10 (experimental), FreeBSD 5.3 (experimental), FreeBSD 5.4 (experimental), Ubuntu Linux 5.10 (experimental), Ubuntu Linux 5.04 (experimental).

64-bit host operating system support added for Windows XP Pro, SUSE Linux 10, SUSE Linux Pro 9.3, Ubuntu Linux 5.10 (experimental), Ubuntu Linux 5.04 (experimental)
Note: For the most recent listing of supported guest and host operating systems, see the Guest Operating System Installation Guide

Experimental support for two-way Virtual Symmetric Multiprocessing (Virtual SMP) enables multiprocessor virtual machines

For all supported configurations of 32-bit and 64-bit host and guest operating systems running on multiprocessor host machines, Workstation provides experimental support for two-way Virtual SMP. This enables you to assign two virtual processors to a virtual machine. You can assign two processors to the virtual machine only if the host machine has at least two logical processors. See Before You Begin.

VMware Player gives you greater flexibility in distributing virtual machines

VMware Player is a free desktop application that lets you run a virtual machine on a Windows or Linux PC. VMware Player provides an intuitive user interface for running preconfigured virtual machines created with VMware Workstation, GSX Server, and ESX Server. On Windows hosts, the player also opens and plays Microsoft Virtual PC and Virtual Server virtual machines and Symantec LiveState Recovery system images. VMware Player makes your VMware virtual machines accessible to colleagues, partners, customers, and clients who do not own VMware products.

Note: Using VMware Player is subject to the VMware Player End User License terms, and no support (including Support and Subscription) is provided by VMware for VMware Player. For self-help resources, see the VMware Player FAQ. You can also check the VMware Player Discussion Forum. The Forum is a site where VMTN members exchange information, questions, and comments regarding VMware products, services, and product support issues.

Improved support for 32-bit host and guest operating systems

32-bit host operating system support added for Red Hat Enterprise Linux 4.0 update 2 (beta), SUSE Linux 10, Ubuntu Linux 5.10 (experimental), Ubuntu Linux 5.04 (experimental)

32-bit guest operating system support added for Red Hat Linux Advanced Server 3.0, SUSE Linux 10, SUSE Linux 9.3, SUSE Linux Pro 9.2, FreeBSD 5.3, FreeBSD 5.4, Ubuntu Linux 5.10, Ubuntu Linux 5.04, Turbolinux Desktop 10

Note: For the most recent listing of supported guest and host operating systems, see the Guest Operating System Installation Guide

Workstation emulates Ethernet adapter type for 64-bit guests

For Workstation virtual machines with supported 64-bit guest operating systems, Workstation 5.5 emulates an Ethernet adapter type: the Intel PRO/1000 MT Adapter.

Workstation 5.5 driver certification updates

To maintain high quality and provide the best user experience, Workstation includes updated device drivers that are digitally signed. Workstation 5.5 completed and passed Microsoft's Designed for Windows XP 32-bit and 64-bit program.

Enhanced import capability of Workstation

Improved import capability lets you open and import Microsoft Virtual PC and Virtual Server virtual machines, as well as Symantec LiveState Recovery system images, directly into Workstation.
In Workstation 5.5, the VMware Virtual Machine Importer, formerly available only as a standalone utility, is incorporated into the Workstation program for Windows hosts. When you upgrade to Workstation version 5.5, you no longer need the standalone VMware Virtual Machine Importer application to convert Microsoft Virtual PC and Virtual Server virtual machines, as well as Symantec LiveState Recovery and Norton Ghost system images to a VMware virtual machine: you can open and convert virtual machines and system images directly from Workstation. You can import virtual machines and system images from the following versions of Microsoft Virtual PC, Virtual Server, Symantec LiveState Recovery, and Norton Ghost:

  • Microsoft Virtual PC, version 7 and later
  • Microsoft Virtual Server, all versions
  • Symantec LiveState Recovery Desktop, all versions
  • Symantec LiveState Recovery Standard Server, all versions
  • Symantec LiveState Recovery Advanced Server, all versions
  • Norton Ghost, version 9 and later

Enhanced user interface to let you customize Workstation toolbars to suit your work style on Windows hosts

On Windows hosts, you can customize Workstation toolbars by adding and removing the power, view, and snapshot toolbars, and by adding, removing, and rearranging the buttons in those toolbars. The figure shows the Customize Toolbar window for the power toolbar.

image: Customize Toolbar window

Enhanced support for wireless Ethernet adapters used in bridged networking

Workstation 5.5 adds support for wireless Ethernet adapters used in bridged networking to let you connect your virtual machines to wireless networks on Linux hosts. Support for wireless Ethernet adapters is already available for Workstation on Windows hosts.

Enhanced auto detection makes it easier to configure devices for virtual machines

Workstation extends existing auto detect support for CD-ROM drives to other hardware devices. You can now set a virtual machine to automatically detect the following hardware devices automatically:

  • CD-ROM drive
  • Floppy drive
  • Sound adapters
  • Parallel port
  • Serial port

Enhanced auto connect automatically reconnects manually connected USB devices

When you manually connect a USB device in Workstation 5.5, Workstation retains the virtual machine’s connection to the affected port on the host machine. You can then suspend or power off the virtual machine, or unplug the device. When you plug the device back in or resume the virtual machine, Workstation reconnects the device automatically.

Enhanced snapshot management makes it easier to work with snapshots

In the snapshot manager, you can now select and delete multiple snapshots at once.

Enhanced command line interface helps you manage snapshots

Workstation 5.5 enhances the command line interface (vmrun) so you can manage snapshots of virtual machines more easily. With simple vmrun commands, you can now quickly create, delete, list, and go to specific snapshots.

Memory page trimming can be disabled to improve performance

To improve performance, you can now disable memory page trimming from the user interface, in VM > Settings > Options > Advanced.

Enhanced product update checking makes it more convenient to keep your Workstation software up to date

Automatic checking for Workstation product updates has been enhanced. In Edit > Preferences, the Workspace tab now shows the time and result of the most recent automatic check for updates, and the time of the next scheduled check. The Workspace tab also now includes a Check now button, so you can check for product updates manually at any time from Edit > Preferences.

On Linux hosts, the user interface has been enhanced to work better with desktop appearance themes

On Linux hosts, the Workstation user interface has been redesigned to better represent your chosen desktop appearance theme, and to work correctly with high- and low-contrast themes designed to increase accessibility for the visually impaired.

Workstation 5.5 extends the display resizing features Autofit Guest and Fit Guest Now to Linux guests

The Autofit Guest feature changes the guest operating system display resolution to match the console window size. Fit Guest Now resizes the guest operating system's display so it fills as much of the screen as possible in quick switch mode. For the display resizing options to work, you must update VMware Tools to version 5.5 in the guest, and VMware Tools must be running. If you have virtual machines that were suspended under a version of VMware Tools before version 5.5, display resizing does not work until the virtual machines are completely powered off and then powered on again (rebooting the virtual machine is not sufficient). Powering the suspended virtual machines off and on can be done before or after updating VMware Tools.
Caution: If you update VMware Tools without powering off and powering on suspended virtual machines, and then attempt to resize the guest, the display is corrupted. All the restrictions on resizing that the X11 Windows system imposes on physical hosts still apply to guests.
Note: The Autofit Guest and Fit Guest Now features are already supported for Windows guests.

Before You Begin

On Windows hosts, Workstation 5.5 requires more hard disk space for installation than previous versions of Workstation. On Windows hosts, a minimum of 250MB of free disk space is now required for basic installation.

Support for 64-Bit Guest Operating Systems

Workstation 5.5 supports virtual machines with 64-bit guest operating systems only on host machines that have one of the supported 64-bit processors:

  • AMD Athlon 64, revision D or later
  • AMD Opteron, revision E or later
  • AMD Turion 64, revision E or later
  • AMD Sempron, 64-bit-capable revision D or later (experimental support)
  • Intel EM64T VT-capable processors (experimental support)
When you power on a virtual machine with a 64-bit guest operating system, Workstation performs an internal check: if the host CPU is not a supported 64-bit processor, you cannot power on the virtual machine. VMware also provides a standalone utility that you can use without Workstation to perform the same check and determine whether your CPU is supported for Workstation virtual machines with 64-bit guest operating systems. You can download the 64-bit processor check utility from the VMware Web download site.

Note: In shopping for a processor that is compatible with Workstation 5.5 64-bit guests, you might be unable to determine the revision numbers of a given vendor's offering of AMD Athlon 64, Opteron, Turion 64, or Sempron processors. At this time, the only reliable way to determine whether any of these processors is a revision supported by Workstation 5.5, is by the manufacturing technology (CMOS): any of the AMD Athlon 64, Opteron, Turion 64, or Sempron processors whose manufacturing technology is 90nm SOI (.09 micron SOI) is compatible with Workstation 5.5 64-bit guests. Using this information, you can determine — with your vendor, or from the AMD Web site — whether a particular AMD processor model is compatible with Workstation 5.5 64-bit guests.

Virtual machines with 64-bit operating systems are supported only for Workstation version 5.5. A virtual machine created in Workstation version 5.5 with a 64-bit operating system cannot be powered on or resumed in Workstation versions 5.0 and earlier. Also, virtual machines with 64-bit operating systems are not supported for VMware products other than Workstation 5.5.

If your host machine has a 32-bit processor or a 64-bit processor that is not supported, Workstation does not support 64-bit guest operating systems. If your host machine has a supported 64-bit processor, you can run supported 32-bit and 64-bit operating systems in either the host or a guest, in any combination.

Experimental Support for Two-Way Virtual SMP

For all supported configurations of 32-bit and 64-bit host and guest operating systems running on multiprocessor host machines, Workstation 5.5 provides experimental support for two-way Virtual SMP. This includes any SMP hardware, including dual-core systems and hyper threaded uniprocessor systems.

Guests with more than two virtual processors are not supported in Workstation 5.5. However, you can power on and run multiple two-way Virtual SMP virtual machines concurrently.

You can set the number of processors for the virtual machine in the virtual machine settings editor (VM > Settings), in the Hardware tab under Processors. The number of virtual processors is also displayed in the summary view of the virtual machine. You can also set the number of virtual processors when you create a virtual machine in the New Virtual Machine Wizard. This setting is available only if you choose to create a custom configuration; it does not appear in the typical configuration.

You can assign up to two virtual processors to a virtual machine, in both 32-bit and 64-bit guests. For this experimental feature, Workstation 5.5 allows you to power on and resume two-way Virtual SMP guests only on host machines with at least:

  • A single-processor or multiprocessor host with a dual-core CPU
  • A multiprocessor host with two or more CPUs
  • A single-processor or multiprocessor host with hyper threading enabled
    Note: On hyper threaded uniprocessor hosts, performance of virtual machines with virtual SMP might be sub par.
If the host does not have at least two logical processors, assigning two virtual processors is neither supported nor recommended: a warning message appears. You can disregard this message and assign two virtual processors to the virtual machine, but, once you have finished creating the virtual machine, you might not be able to power it on unless you move it to a host machine with at least two logical processors.

You can use Workstation 5.5 or later, running on a multiprocessor host machine, to open a virtual machine, created in VMware ESX Server, that has one or more virtual processors. However, in Workstation you cannot power on or resume a virtual machine that has more than two virtual processors assigned, even if more processors were assigned when the virtual machine was created in ESX Server.

If you use Workstation to open a virtual machine that has more than two virtual processors assigned, the virtual machine’s summary view and the virtual machine settings editor (VM > Settings) display the number of processors as Other (x), where x is the number of processors originally assigned in ESX Server. Workstation preserves this original configuration setting for the number of processors, even though two is the maximum number of processors supported. You must change this setting to two processors before you can power on the virtual machine in Workstation. Note that once you commit a change to this setting, by clicking OK in VM > Settings, the original setting for number of processors is discarded, and no longer appears as an option in VM > Settings.

Virtual machines with Virtual SMP are supported only for Workstation version 5.5. A virtual machine created in Workstation version 5.5 with two virtual processors cannot be powered on or resumed in Workstation versions 5.0 and earlier. Also, if you suspend an SMP guest in Workstation 5.5, you cannot resume the virtual machine in Workstation 5.0 and earlier versions.

Compatibility of Programs

The standalone VMware Virtual Machine Importer v1.0 is not compatible with Workstation 5.5. If you currently have the standalone VMware Virtual Machine Importer v1.0 (build 12997) installed, when you install Workstation 5.5, the Workstation installer requires you to manually uninstall Virtual Machine Importer v1.0. If you currently have Workstation 5.5 installed, do not attempt to install VMware Virtual Machine Importer v1.0. The version 1.0 importer cannot be installed over Workstation 5.5. Attempting this installation damages the Workstation installation and disables the import capability built into Workstation 5.5.

The standalone VMware Virtual Machine Importer 1.5 is compatible with Workstation 5.5. You can install both programs on the same machine. The Windows Control Panel > Add or Remove Programs contains entries for VMware Virtual Machine Importer 1.5 and Workstation 5.5. The Virtual Machine Importer files are available until you uninstall both the Importer and the Workstation applications.

Upgrade VMware Tools

Be sure to upgrade VMware Tools to the version included in this release. VMware Tools contains new drivers and performance enhancements to improve your entire Workstation experience.

Known Issues

This section describes all known issues found in Workstation 5.5.x releases.

Workstation 5.5.4

The following is a known issue in Workstation 5.5.4.
On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system.

Workstation 5.5.3

  • Workstation 5.5.3 does not support USB for Solaris guests.
  • Fit Guest to Window and Full Screen options corrupt display on Mandriva Linux 2006 guests running version 6.8.99 of the X.Org X Windows system.
    In virtual machines running Mandriva Linux 2006, with version 6.8.99 of the X.Org X Windows System, if you enable the option Fit Guest to Window, or if you switch to Full Screen mode, the display becomes corrupted. To work around this issue, upgrade to X.Org version 6.9. For more information, consult the documentation included with your distribution of Mandriva Linux 2006.
  • Workstation fails to install on 64-bit Linux hosts unless 32-bit compatibility libraries are installed in host.
    Some 64-bit Linux host operating systems don't install 32-bit compatibility libraries by default. Workstation runs on 64-bit systems, but needs the 32-bit compatibility libraries installed. When you try to install Workstation on a 64-bit Linux host without the 32-bit compatibility libraries, an error message similar to the following might appear:
    /usr/bin/ldd: line 171: /lib/ld-linux.so.2: No such file or directory
    Workaround
    Install a 32-bit compatibility package for your Linux distribution. The name of the 32-bit compatibility package varies across distributions. For example, for Ubuntu you must install the ia32-libs and ia32-libs-gtk packages. See your distribution's documentation or Web site to determine the 32-bit compatibility package for your distribution.
  • On Linux guests that have SELinux enabled, accessing shared folders (/mnt/hgfs) fails with kernel oops error messages.
    Workaround:
    Disable SELinux in your guest. Refer to your guest operating system documentation for more information about SELinux and how to disable it. After disabling the SELinux, you can access shared folders.
  • In guests running Red Hat Enterprise Linux 5.0 or Ubuntu Linux 6.10 (or any Linux guests that use X.Org X Windows system versions 7.1 or higher) the Workstation 5.5.x VMware Tools installer does not install drivers for X Windows, and consequently the mouse does not perform correctly.
    The Workstation 5.5.x VMware Tools installer does not yet recognize X.Org versions 7.1 and higher. Workstation-supported Linux distributions that use X.Org versions 7.1 and higher typically include working VMware video and mouse drivers. VMware Tools can automatically choose the included video driver, but you must set the mouse driver manually:
    1. Install the vmmouse driver. Depending on the Linux distribution, the method for installing it varies, but the vmmouse driver package has vmmouse in the name.
    2. Edit the ServerLayout section of the file /etc/X11/xorg.conf so that it includes the following entry:
      InputDevice "Mouse[0]" "CorePointer"
    3. The file /etc/X11/xorg.conf also includes an InputDevice section for the primary mouse. Edit this section as follows:
      Section "InputDevice"
         Identifier "Mouse[0]"
         Driver "vmmouse"
         Option "Device" "/dev/input/mice"
         Option "Name" "VMware Pointing Device"
      EndSection
    The mouse must now function properly.

Resolved Issues

This section describes all issues resolved in Workstation 5.5.x releases.

Fixed in 5.5.9 | Fixed in 5.5.8 | Fixed in 5.5.7 | Fixed in 5.5.6 | Fixed in 5.5.5 | Fixed in 5.5.4

Workstation 5.5.9

Workstation 5.5.9 addresses the following security issue:

VMware Addresses Privilege Escalation on Guest Systems Running 32-Bit or 64-Bit Operating Systems

VMware products emulate hardware functions and create the possibility to run guest operating systems.
A flaw in the CPU hardware emulation might allow the virtual CPU to incorrectly handle the trap flag. Exploitation of this flaw might lead to a privilege escalation on guest operating systems. An attacker needs a user account on the guest operating system and have the ability to run applications.
The Common Vulnerabilities and Exposures has assigned the name CVE-2008-4915 to this issue.

Workstation 5.5.8

Workstation 5.5.8 addresses the following security issues:

Setting ActiveX killbit

Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the KB 240797 from Microsoft and the related references on this topic.
Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user.
Note:
IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested.
Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls.
To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions.
The Common Vulnerabilities and Exposures has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls.

Update to FreeType

FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to its latest version 2.3.7.
The Common Vulnerabilities and Exposures has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6.

Security Fix for Local Privilege Escalation on Host System

This release fixes a privilege escalation vulnerability in the host operating system. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2008-3698 to this issue.

Workstation 5.5.7

Workstation 5.5.7 release resolves the issue where virtual machines fail unexpectedly after a Symantec virus definition update from version 213 to version 220.

Workstation 5.5.6

Workstation 5.5.6 addresses the following security issues:

  • An internal security audit determined that a malicious user might attain the Local System privileges. The user might make the authd process connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user might successfully impersonate authd and attain privileges under which authd is running.
    (Foundstone CODE-BUG-H-001)
  • This release updates the libpng library version to 1.2.22 to remove various security vulnerabilities.
  • A vulnerability in VMware Workstation running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations.
    (CORE-2007-0930)
  • A security vulnerability in OpenSSL 0.9.7j might make it possible to forge a RSA key signature. Workstation 5.5.6 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability.
    RSA Signature Forgery (CVE-2006-4339)
  • The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
  • The config.ini file might be modified by non-administrator to change the VMX launch path. This created a vulnerability that might be exploited to escalate a user's privileges.

Workstation 5.5.5

Workstation 5.5.5 addresses the following issues:

  • This release fixes an issue that prevented template virtual machines stored in read-only directories from being opened.
  • This release fixes an issue that caused Workstation 5.5.x to incorrectly display Workstation 6.0 virtual machines as Current virtual machines for Workstation 5.5.x.
  • This issue can occur if the Microsoft XML Parser msxmlx.inf files have been corrupted by some activity on your host. For more information, see VMware Knowledge Base article 2038.

Security Fixes

  • This release fixes an issue that prevented VMware Player from launching. This issue was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. This issue might result in a security vulnerability from some images stored in virtual machines downloaded by the user.
  • This release fixes several security vulnerabilities in the VMware DHCP server that might enable a malicious Web page to gain system-level privileges.
    The Common Vulnerabilities and Exposures assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, and CVE-2007-0063.
    Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
  • This release fixes a security vulnerability that might allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
    The Common Vulnerabilities and Exposures assigned the following name to this issue: CVE-2007-4059.
    Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
  • This release fixes a security vulnerability that might allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
    The Common Vulnerabilities and Exposures assigned the following names to this issue: CVE-2007-4155.
    Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
  • This release fixes a security vulnerability that might allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially run arbitrary code on the host. The Common Vulnerabilities and Exposures assigned the following name to this issue: CVE-2007-4496.
    Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
  • This release fixes a security vulnerability that might allow a guest operating system user without administrator privileges to cause a host process to stop responding or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures assigned the following name to this issue: CVE-2007-4497.
    Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
  • This release fixes a security vulnerability in which Workstation was starting registered Windows services such as the Authorization service with bare (unquoted) paths, such as C:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability might allow a malicious user to escalate user privileges.
    Thanks to Foundstone for discovering this vulnerability.

Workstation 5.5.4

Workstation 5.5.4 fixes the issue where VMware Tools cause the guest to run out of memory.

Security Fixes

  • Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue might be used to cause a successful denial-of-service attack where the virtual machine must be rebooted.
    The Common Vulnerabilities and Exposures assigned the name CVE- 2007-1337 to this issue.
    Thanks to Tavis Ormandy of Google for identifying this issue.
  • Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user might instruct the virtual machine process (VMX) to store malformed data, causing an error. This error might enable a successful denial-of-service attack on guest operating systems.
    The Common Vulnerabilities and Exposures assigned the name CVE-2007-1877 to this issue.
    Thanks to Sungard Ixsecurity for identifying this issue.
  • Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPF) in Windows guest operating systems. A malicious user might use this vulnerability to cause Windows virtual machines to fail.
    The Common Vulnerabilities and Exposures assigned the name CVE-2007-1069 to this issue.
    Thanks to Ruben Santamarta of Reversemode for identifying this issue.
  • In a 64-bit Windows guest on a 64-bit host, debugging local programs might create system instability. Using a debugger to step into a syscall instruction might corrupt the virtual machine's register context. This corruption produces unpredictable results, including corrupted stack pointers, kernel bugchecks, or VMX process failures.
    The Common Vulnerabilities and Exposures assigned the name CVE-2007-1876 to this issue.
    Thanks to Ken Johnson for identifying this issue.
  • Shared Folders is a feature that enables users of guest operating systems to access a specified set of folders in the host's file system. A vulnerability exists that might allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the Shared Folder feature is enabled by default, no folders are shared by default, which means this vulnerability is not exploitable by default.
    The Common Vulnerabilities and Exposures assigned the name CVE-2007-1744 to this issue.
    Thanks to Greg MacManus of iDefense Labs for identifying this issue.
You can also download a list of bugs reported in Workstation 5.5.4 (and earlier versions) that were fixed for the Workstation 5.5.5 release. (Download PDF)

Knowledge Base Articles

If you encounter any of the issues listed below, click the appropriate link or go to the VMware knowledge base and enter the article number as your search term.

You may also view a list of all knowledge base articles related to Workstation 5.5.