Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Virtual Machine Communication Interface (VMCI) privilege escalation on Windows-based Workstation, Player, ACE and Server (1009826)

Details

A vulnerability in the vmci.sys driver might allow privilege escalation on Windows-based hosts.

This vulnerability affects the following applications if installed on a Windows system:

  • Workstation 6.5.0, 6.5.1, 6.5.2
  • Player 2.5.0, 2.5.1, 2.5.2
  • ACE 2.5.0, 2.5.1, 2.5.2
  • Server 2.0, 2.0.1

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1147 to this issue.

Solution

The vulnerability can be corrected by installing an updated VMCI driver. The updated VMCI driver and instructions on installing the driver are documented below.

A similar vulnerability is present on Windows-based guests. See Security Advisory VMSA-2009-0005 for more information.

To install the updated VMCI driver on the host

The following steps show how to replace the VMCI driver on Workstation 6.5.2, Player 2.5.2, ACE 2.5.2 and Server 2.0.1.

  1. Install VMware Workstation 6.5.2, Player 2.5.2, ACE 2.5.2 or Server 2.0.1.
  2. Login to the system as Administrator.
  3. Stop the VMCI service.
    a. Open the command prompt. For Windows Vista and Windows 2008 select Run as administrator to open the command prompt.
    b. Type sc query vmci.
    c. The STATE will display Running. If the STATE is not displayed as Running, proceed to step 4.
    d. Close VMware Workstation or VMware Server and any applications that are using the VMCI service.
    e. Type sc stop vmci.
  4. Download the appropriate driver for your system:
    http://download3.vmware.com/software/vi/vmciServer32bit.zip
    http://download3.vmware.com/software/vi/vmciServer64bit.zip
    http://download3.vmware.com/software/vi/vmciWorkstation32bit.zip
    http://download3.vmware.com/software/vi/vmciWorkstation64bit.zip
  5. After the download is complete, check the md5 checksum of the zip file against the following:
    VMware Workstation 6.5.2, VMware Player 2.5.2 and VMware ACE 2.5.2
    32 bit vmci.sys md5sum f5bc7ee411c22cbb0e60a354711578fd
    Sha1sum 7bb99c3665a7a9861a9a2e584250762dd6e6ad36
    64 bit vmci.sys md5sum 9d5f02b328a7e2c3f38b5cce46a65028
    Sha1sum 4303204647e5d997c01f4b8a499895e4b4bdea37
    VMware Server 2.0.1
    32 bit vmci.sys md5sum ca17fb9de2e66ac967cf8bea1facfbf1
    Sha1sum ede6eb64c0751165aae07f9dbcd72a69f9f1ddbd
    64 bit vmci.sys md5sum c2655bab1a3ea6495b691933c4489617
    Sha1sum 361536a68fa75b5594a8322822a80698c3fe478c
  6. For a 32-bit host, copy the 32-bit vmci.sys driver to %SystemRoot%\system32\drivers
    For a 64-bit host, copy the 64-bit vmci.sys driver to the VMware Workstation Server installation directory. The path is similar to the following examples:
    C:\Program Files (x86)\VMware\VMware Workstation
    C:\Program Files (x86)\VMware\VMware Server
    For a 64-bit host, you must also copy the 64-bit vmci.sys driver to %SystemRoot%\system32\drivers.
  7. Restart the system.
  8. Verify the version of the new driver.
    a. Right-click on vmci.sys and open the Properties window.
    b. Compare the File Version and the Product Version with the tables below to confirm the patch is applied correctly.

    File Version and Product Version without the updated VMCI driver:

    Product File Version Product Version

    VMware Workstation 6.5.2 GA, VMware Player 2.5.2 GA and VMware ACE 2.5.2 GA

    		 6.5.2.7026 6.5.2 build-156735

    VMware Server 2.0.1 GA

    		 3.1.0.2643 2.0.1 build-156745

    File Version and Product Version with the updated VMCI driver:

    Product File Version Product Version

    VMware Workstation 6.5.2 with the patch, VMware Player 2.5.2 with the patch and VMware ACE 2.5.2 with the patch

    		 6.5.2.7102 6.5.2 build-158223

    VMware Server 2.0.1 with the patch

    		 3.1.0.2652 2.0.1 build-158239

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 12 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 12 Ratings
Actions
KB: