Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

a. VMware Tools Local Privilege Escalation on Windows-based guest OS

The VMware Tools Package provides support required for shared folders
(HGFS) and other features.

An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn’t matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.

The HGFS.sys driver is present in the guest operating system if the
VMware Tools package is loaded. Even if the host has HGFS disabled
and has no shared folders, Windows-based guests may be affected. This
is regardless if a host supports HGFS.

This issue could be mitigated by removing the VMware Tools package
from Windows based guests. However this is not recommended as it
would impact usability of the product.

NOTE: Installing the new hosted release or ESX patches will not
remediate the issue. The VMware Tools packages will need
to be updated on each Windows-based guest followed by a
reboot of the guest system.

VMware would like to thank iDefense and Stephen Fewer of Harmony
Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.

VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
Workstation 6.x Windows not affected
Workstation 6.x Linux not affected
Workstation 5.x Windows 5.5.6 build 80404 or later
Workstation 5.x Linux 5.5.6 build 80404 or later

Player 2.x Windows not affected
Player 2.x Linux not affected
Player 1.x Windows 1.0.6 build 80404 or later
Player 1.x Linux 1.0.6 build 80404 or later

ACE 2.x Windows not affected
ACE 1.x Windows 1.0.5 build 79846 or later

Server 1.x Windows 1.0.5 build 80187 or later
Server 1.x Linux 1.0.5 build 80187 or later

Fusion 1.x Mac OS/X not affected

ESXi 3.5 ESXi not affected

ESX 3.5 ESX not affected
ESX 3.0.2 ESX ESX-1004727
ESX 3.0.1 ESX ESX-1004186
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later