Issues Resolved in VMware Server 1.0.4

* In previous releases, when a virtual machine configuration (.vmx) file contained the line serialX.HardwareFlowControl = TRUE, the modem control signals were not correctly handled. This release fixes that problem. Modem control signals are now strictly passed through between the virtual and the physical serial port.
* This release fixes a problem that caused Fedora Core 7 to fail with an ASSERT when issuing SCSI commands that have illegal targets. This problem is not clearly exploitable by a normal user.
* This release fixes a problem that could cause Linux virtual machines with VMI-enabled kernels to run very slowly after being rebooted repeatedly.
* This release fixes a problem that could cause a virtual machine to fail at power-on when using a sound card with more than two mixer channels on a Windows 32-bit host.
* This release fixes a problem that could cause a 64-bit Solaris 10 virtual machine to fail at power-on after being updated with Solaris Update Patch 125038-04.
* This release fixes a problem that resulted from a conflict between Linux guest operating systems with kernel version 2.6.21 and RTC-related processes on the host. This problem caused the virtual machine to quit unexpectedly.
* This release fixes a problem that caused the hostd to quit unexpectedly in virtual machines with a corrupted snapshot.
* This release fixes a problem that prevented virtual machines running Fedora Core 7 from properly recognizing LSILogic SCSI devices.
* This release fixes a problem that prevented the VMware vmmon module from building correctly on hosts running Linux with kernel version 2.6.20-rc1.
* This release fixes a problem that prevented the VMware vmnet module from building correctly on hosts running Linux with kernel versions higher than 2.6.21.
* This release fixes a problem that could corrupt the guest's memory on hosts running Linux with kernel versions higher than 2.6.21.
* This release fixes the following problem: when a user attempts to access a virtual machine through the Windows remote VMware Service Console, and the user does not have execute permission on the virtual machine configuration (.vmx) file, the display is blank with no indication of the actual problem. This release adds an error message in this circumstance, to advise the user that execute access is required to connect to the virtual machine with the VMware Service Console.
* This release fixes a problem with virtual machines running Red Hat Linux 7.1, kernel version 2.4.2, that caused the guest operating system to become unresponsive during the installation of VMware Tools, after the user selected the default display size.
* This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. This problem could result in a security vulnerability from some images stored in virtual machines downloaded by the user.

Security Issues Resolved in VMware Server 1.0.4

* This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
* This release fixes a security vulnerability that could allow a guest operating system user without administrator privileges to cause a host process to become unresponsive or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
* This release fixes several security vulnerabilities in the VMware DHCP server that could enable a malicious web page to gain system-level privileges.
Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063.
* This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4059.
* This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to this issue: CVE-2007-4155.
* This release fixes a security vulnerability in which VMware Server was starting registered Windows services such as the Authorization service with "bare" (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability could allow a malicious user to escalate user privileges.
Thanks to Foundstone for discovering this vulnerability.
* This release fixes a problem that could cause user passwords to be printed in cleartext in some VMware Server logs.