Bug 254148 - app-emulation/vmware-player <= 2.5.1.126130 and app-emulation/vmware-workstation <= 6.5.1.126130 Denial of Service
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High trivial
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/33372/
Whiteboard: ~3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-07 20:39 UTC by Bruno Buss
Modified: 2010-07-02 15:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Bruno Buss 2009-01-07 20:39:26 UTC
Description:
"Laurent Gaffié has discovered a vulnerability in VMware, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "vmware-authd" daemon when processing overly long strings. This can be exploited to terminate the "vmware-authd" process via e.g. an overly long "USER" string sent to TCP port 912.

Successful exploitation allows e.g. denying virtual machine access to local unprivileged users.

The vulnerability is confirmed in VMware Player 2.5.1 build 126130 and VMware Workstation 6.5.1 build 126130 on Windows. Other versions may also be affected."

Exploit available:
http://milw0rm.com/exploits/7647
Comment 1 Bruno Buss 2009-01-07 20:42:04 UTC
Marked as ~3 because I don't know if the stable versions in Gentoo (app-emulation/vmware-player-1.0.7.91707 and app-emulation/vmware-workstation-5.5.7.91707) are vulnerable.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2010-07-02 15:02:44 UTC
I guess we can resolve this since for both applications the only keyworded and stable version in tree is newer.

Please reopen if you disagree.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-07-02 15:27:42 UTC
Andreas, please refrain from closing bugs assigned to security@ in the future. If you have suggestions towards a bug's status, please add a comment and we will take care of it (sooner or later). Thanks.