VMware Authorization Service Haunted by DoS Vulnerability

A security research firm has issued a warning for a vulnerability in multiple VMware products that can be exploited by malicious people to cause a denial-of-service condition.

The vulnerability is caused by an error in the VMware Authorization Service when processing login requests.

This can be exploited to terminate the “vmware-authd” process via “USER” or “PASS” strings containing e.g. ‘xFF’ characters, sent to TCP port 912, according to a Secunia advisory.

The vulnerability is confirmed in vmware-authd.exe version 6.5.3.8888 included in VMware Workstation 6.5.3 build 185404, and reported in VMware Player 2.5.3 build 185404. Other products and versions may also be affected.

In the absence of a patch, VMware users are urged to restrict access to TCP port 912 to trusted users only.
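To check whether a host already meets that restriction, the following added example (not from Secunia, VMware or the original article) parses `netstat -ano -p tcp` output and reports non-loopback listeners on TCP port 912 and connected peers outside a trusted range. The sample output and the trusted CIDR `192.168.10.0/24` are constructed assumptions.

```python
import ipaddress

AUTHD_PORT = 912  # TCP port named in the advisory

# Constructed sample of `netstat -ano -p tcp` output (not real host data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       2140
  TCP    192.168.10.5:912       192.168.10.20:50311    ESTABLISHED     2140
  TCP    192.168.10.5:912       203.0.113.44:41822     ESTABLISHED     2140
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit_authd_exposure(netstat_text, trusted_cidrs):
    """Return (exposed_listeners, untrusted_peers) for the authd port."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    exposed, untrusted = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # skip the header and blank lines
        local_ip, local_port = split_endpoint(fields[1])
        if local_port != AUTHD_PORT:
            continue
        state = fields[3]
        if state == "LISTENING" and not local_ip.is_loopback:
            # Bound to a routable or wildcard address: reachable off-host
            exposed.append(str(local_ip))
        elif state == "ESTABLISHED":
            peer_ip, _ = split_endpoint(fields[2])
            if not any(peer_ip in net for net in trusted):
                untrusted.append(str(peer_ip))
    return exposed, untrusted

if __name__ == "__main__":
    listeners, peers = audit_authd_exposure(SAMPLE_NETSTAT, ["192.168.10.0/24"])
    print("non-loopback listeners on 912:", listeners)
    print("peers outside trusted ranges:", peers)
```

A non-empty first list means a host or network firewall rule is still needed in front of port 912; the second list shows which current peers that rule would cut off.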
