VMware Player 1.0.6 addresses the following security issues: - An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing. bug 221309, (Foundstone CODE-BUG-H-001) - This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. bug 224453 - A vulnerability in VMware Player running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations. bug 224522, (CORE-2007-0930) - A security vulnerability in OpenSSL 0.9.7j could make it possible to forge a RSA key signature. VMware Player 1.0.6 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability. bug 236970), RSA Signature Forgery (CVE-2006-4339) - The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability. bug 241646 - The config.ini file could be modified by non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges. bug 241675
VMware Player 2.0.3 addresses the following security issues: - On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360) - This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. (bug 224453)
Bugs Reported in VMware Player 2.0.2 and Fixed in This Release - On openSUSE Linux 10.3 hosts, USB devices cannot be used in a virtual machine unless you plug the USB device in to the host before powering on the virtual machine. (bug 177615) - On Windows hosts, after disabling shared folders the Properties button remains enabled. (bug 194070)
