VMware Server Release Notes

What's in These Release Notes

Build 91891 is a release build of VMware Server 1.0.6. The release notes cover the following topics:

Key Features in VMware Server
Resolved Issues
Technical Document References
Getting Started
Known Issues

Key Features in VMware Server

What's New in Version 1.0.6

Version 1.0.6 is a maintenance bug fix release. See Resolved Issues for information on what has been fixed.

What's New in Version 1.0.5

Version 1.0.5 is a maintenance bug fix release to address security issues. See Resolved Issues for information on what has been fixed.

In addition, Version 1.0.5 improves Remote Console performance and screen refreshing.

What's New in Version 1.0.4

Version 1.0.4 is a maintenance bug fix release to address security issues. See Resolved Issues for information on what has been fixed.

What's New in Version 1.0.3

Version 1.0.3 is a maintenance bug fix release to address security issues. See Resolved Issues for information on what has been fixed.

What's New in Version 1.0.2

Version 1.0.2 is a maintenance bug fix release to improve on VMware Server 1.0.1. See Resolved Issues for information on what has been fixed.

Version 1.0.2 also incorporates the following new feature:

Blinking text is now supported in VGA mode

Add the following settings to the .vmx virtual machine configuration file to enable blinking in VGA mode:

To enable blinking, set vga.enableBlink to TRUE. To disable blinking, set vga.enableBlink to FALSE.
To specify the blink rate, set vga.blinkPeriod to a value in milliseconds.

What's New in Version 1.0.1

Version 1.0.1 is a maintenance release of VMware Server. It incorporates the following key change:

Performance Improvements on Intel EM64T CPUs
Virtual machines on 64-bit Windows host computers with Intel EM64T CPUs show significant performance improvements.

What's New in Version 1.0

VMware Server 1.0 is a free virtualization product for Microsoft Windows and Linux servers that enables you to provision new server capacity by partitioning a physical server into multiple virtual machines.

VMware Server 1.0 includes:

Support for 32-bit and 64-bit Operating Systems

Full support for SUSE Linux 10.1 as host and guest operating systems.
Full support for 32-bit Ubuntu 6.x as host and guest operating systems.
Full support for 32-bit Sun Solaris 10.x as guest operating systems.
Full support for 32-bit and 64-bit FreeBSD 6.0 as guest operating systems.
Experimental support for Red Hat Enterprise Linux 3.0 Update 8 and Red Hat Enterprise Linux 4.0 Update 4.
Experimental support for 64-bit Ubuntu 6.x as host and guest operating systems.
Experimental support for 64-bit Sun Solaris 10.x as guest operating systems.
Support for all guest operating systems supported by Workstation 5.5.
Support for all host operating systems supported by VMware Server GSX 3.2.

New Key Features

Support for taking and reverting to snapshots in the background.
Experimental support for two-way Virtual Symmetric Multiprocessing (Virtual SMP). This lets you assign two virtual processors to a virtual machine on any host machine that has at least two logical processors.
Support for using and upgrading legacy virtual machines.
Ability to configure virtual hardware devices, including serial and parallel ports, DVD/CD-ROM drives, floppy drives, and sound drivers (Linux only) to be automatically detected.

Other VMware Products Supported by VMware Server

Support for using the VMware Server Console to connect to and configure VMware GSX Server 3 hosts as well as to run virtual machines on VMware GSX Server 3 hosts.
Support for VirtualCenter version 1.4 to manage virtual machines running on VMware Server.
Support for VMware Virtual Machine Importer version 1.5 to import virtual machines from Microsoft Virtual Server and Virtual PC as well as Symantec LiveState recovery system images.
Support for VMware DiskMount Utility to mount a Microsoft Windows host file system as a separate drive without connecting to the virtual disk from within a virtual machine.

VMware APIs included with VMware Server

The Programming API (previously called C API).
The VmCOM API (Windows hosts only).
The VmPerl API.

For more detailed information about the features included in VMware Server 1.0, see the VMware Server Virtual Machine Guide. Review the Known Issues section for additional information.

Resolved Issues

Issues Resolved in VMware Server 1.0.6

Virtual machines fail unexpectedly after a Symantec virus definition update from version 213 to version 220.
bug 252341
Previous versions of VMware Server allowed using the VIX API from the guest operating system. In VMware Server 1.0.6 this is no longer allowed by default. This feature can be enabled in VMware Server 1.0.6 by setting a new parameter in the configuration (.vmx) file: vix.inGuest.enable="TRUE"

Security Issues Resolved in VMware Server 1.0.5

A security vulnerability in OpenSSL 0.9.7j could make it possible to forge a RSA key signature. VMware Server 1.0.5 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability.
bug 216497, RSA Signature Forgery (CVE-2006-4339)
An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain privileges under which authd is executing.
bug 235420, (Foundstone CODE-BUG-H-001)
An internal security audit determined that a malicious user could exploit an insecurely created named pipe object to escalate privileges or create a denial-of-service attack.
bug 235833, (Foundstone CODE-BUG-H-002)
This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities.
bug 237049
A vulnerability in VMware Workstation running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations.
bug 240000, (CORE-2007-0930)
The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
bug 241648
The config.ini file could be modified by non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges.
bug 241677

Issues Resolved in VMware Server 1.0.4

In previous releases, when a virtual machine configuration (.vmx) file contained the line serialX.HardwareFlowControl = “TRUE”, the modem control signals were not correctly handled. This release fixes that problem. Modem control signals are now strictly passed through between the virtual and the physical serial port.
This release fixes a problem that caused Fedora Core 7 to fail with an ASSERT when issuing SCSI commands that have illegal targets. This problem is not clearly exploitable by a normal user.
This release fixes a problem that could cause Linux virtual machines with VMI-enabled kernels to run very slowly after being rebooted repeatedly.
This release fixes a problem that could cause a virtual machine to fail at power-on when using a sound card with more than two mixer channels on a Windows 32-bit host.
This release fixes a problem that could cause a 64-bit Solaris 10 virtual machine to fail at power-on after being updated with Solaris Update Patch 125038-04.
This release fixes a problem that resulted from a conflict between Linux guest operating systems with kernel version 2.6.21 and RTC-related processes on the host. This problem caused the virtual machine to quit unexpectedly.
This release fixes a problem that caused the hostd to quit unexpectedly in virtual machines with a corrupted snapshot.
This release fixes a problem that prevented virtual machines running Fedora Core 7 from properly recognizing LSILogic SCSI devices.
This release fixes a problem that prevented the VMware vmmon module from building correctly on hosts running Linux with kernel version 2.6.20-rc1.
This release fixes a problem that prevented the VMware vmnet module from building correctly on hosts running Linux with kernel versions higher than 2.6.21.
This release fixes a problem that could corrupt the guest's memory on hosts running Linux with kernel versions higher than 2.6.21.
This release fixes the following problem: when a user attempts to access a virtual machine through the Windows remote VMware Service Console, and the user does not have execute permission on the virtual machine configuration (.vmx) file, the display is blank with no indication of the actual problem. This release adds an error message in this circumstance, to advise the user that execute access is required to connect to the virtual machine with the VMware Service Console.
This release fixes a problem with virtual machines running Red Hat Linux 7.1, kernel version 2.4.2, that caused the guest operating system to become unresponsive during the installation of VMware Tools, after the user selected the default display size.
This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. This problem could result in a security vulnerability from some images stored in virtual machines downloaded by the user.

Security Issues Resolved in VMware Server 1.0.4

This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
This release fixes a security vulnerability that could allow a guest operating system user without administrator privileges to cause a host process to become unresponsive or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
This release fixes several security vulnerabilities in the VMware DHCP server that could enable a malicious web page to gain system-level privileges.
Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063.
This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4059.
This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to this issue: CVE-2007-4155.
This release fixes a security vulnerability in which VMware Server was starting registered Windows services such as the Authorization service with "bare" (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability could allow a malicious user to escalate user privileges.
Thanks to Foundstone for discovering this vulnerability.
This release fixes a problem that could cause user passwords to be printed in cleartext in some VMware Server logs.

Issues Resolved in VMware Server 1.0.3

This release fixes a problem with VMware Tools that caused the guest to run out of memory.
VMware Server 1.0.3 fixes a bug introduced in the VMware Server version 1.0.2 VIX API. As a result of this bug, if Vix_ReleaseHandle (vmhandle) and VixHost_Disconnect (hosthandle) are called, a crash occurs in VixHost_Disconnect(). This crash is accompanied by the following error message:
VMware Server Error: VMware Server unrecoverable error: (app) ASSERT /build/mts/release/bora-39867/pompeii2005/bora/lib/vmdb/vmdbCtx.c:487 bugNr=23952 A log file is available in "/tmp/vmware-mark/vix-3749.log". Please request support and include the contents of the log file. To collect files to submit to VMware support, run vm-support. We will respond on the basis of your support entitlement.

Security Issues Resolved in VMware Server 1.0.3

Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted.
Thanks to Tavis Ormandy of Google for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE- 2007-1337 to this issue.
Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
Thanks to Sungard Ixsecurity for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1877 to this issue.
Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems. A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment.
Thanks to Ruben Santamarta of Reversemode for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
In a 64-bit Windows guest on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine's register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures.
Thanks to Ken Johnson for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1876 to this issue.

Issues Resolved in VMware Server 1.0.2

This release fixes certain memory leaks in VMware Tools on Windows guests.
The vm-support script, which collects log files and other system information, now collects the bootloader configuration file.
This release includes improved support for Intel family F processors.
This release includes new support for Intel Rockton processors.
This release fixes a bug that, under rare conditions, caused a crash when many virtual machines were booting under a heavy load.
This release includes prebuilt modules for VMware Tools for SuSE SLES 10.
This release fixes a bug that sometimes caused an assertion failure when calling VixVM_Open on an unregistered virtual machine.
Starting in this release, guest.commands.allowAnonRootGuestCommandsOnHost and guest.commands.allowAnonRootGuestCommands settings can no longer be included in the .vmx file. To affect all the virtual machines on the host, you can include these settings in the global configuration file $LIBDIR/settings or CommonAppData\settings.ini.
Kernel modules now build on 2.6.18 kernels.
Kernel modules now build on Debian's 2.6.17 kernels.
HGFS now builds on 2.6.18-rc1 kernels.
This release fixes a bug that occasionally caused a crash when uninstalling VMware Server just after resuming a Windows host system.
This release fixes a bug that occasionally crashed 64-bit Windows Server 2003 Enterprise Edition hosts with SP1.
This release fixes a bug that occasionally caused direct execution errors in V8086 mode when running 16-bit DOS applications in a Windows guest. This fix prevents direct execution errors that are caused by the sysenter instruction being improperly handled, and thus enables DOS applications to execute properly.
CD-ROM and DVD-ROM emulation now work correctly in Vista guests.
Vmnet compilation now works correctly for bridged networking on 2.6.18 or higher kernels.
This release fixes a bug that, under rare conditions, caused guest memory to become corrupted.
Second and subsequent snapshots no longer contain the absolute path to the base .vmdk file. This fix allows the virtual machine to be moved to another machine.
This release fixes a bug that, under rare conditions, caused a system panic with sunfire 4100 hardware on a RedHat 4 64-bit guest.
This release fixes a bug that occasionally caused Windows guests with dual vmxnet adapters to lose network connectivity.
This release fixes a bug that occasionally caused a core dump when opening and powering on a FreeBSD6.0 guest and invoking VMware Tools.
VMware Server 1.0.2 now correctly uses 2-CPU licenses instead of 8-CPU licenses on quad core machines.
This release fixes a bug that occasionally caused a hang on RedHat Enterprise Linux 3 U5 virtual machines.

Security Issues Resolved in VMware Server 1.0.2

This release fixes a security issue that could allow a malicious user to crash Windows guest operating systems. Rubén Santamarta of Reversemode discovered a vulnerability in the way that VMware delivered General Protection Faults to Windows guest operating systems, which is now fixed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
This release fixes a security issue with the configuration program vmware-config, which could set incorrect permissions and umask on SSL key files. Local users might have been able to obtain access to the SSL key files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
Note: The affected files include /usr/bin/vmware-config.pl and /usr/bin/vmware-config-mui.pl.
RunProgramInGuest was being executed as SYSTEM in Windows guests. Now it executes as the user running it with that user's permissions.

Issues Resolved in VMware Server 1.0.1

Performance problem on 64-bit Windows hosts with Intel EM64T processors
Rare Windows host system crash that may occur on a system with SMP virtual machines or heavy network traffic, or after long periods of continuous operation
Ctrl-T opens the Virtual Network Editor

Technical Document References

For information about how to install, configure, and manage VMware Server, see the VMware Server Administration Guide.
For information about how to create and manage virtual machines on VMware Server, see the VMware Server Virtual Machine Guide.
For information on the VMware Virtual Machine Importer, see the VMware Virtual Machine Importer User's Manual.
For information about how to install supported guest operating systems, see the Guest Operating System Installation Guide.

Getting Started

Installing on a Computer with a Different VMware Product
VMware Server cannot be installed on the same host as VMware Workstation, VMware GSX Server, VMware Player, or VMware ACE. You cannot have multiple versions of VMware Server installed on the same host. Uninstall these VMware products before you install VMware Server. On a Windows host, use the Add/Remove Programs control panel. On a Linux host, see your product manual for the commands needed to uninstall the product.

Creating Virtual Machines
You can create new virtual machines in VMware Server and use VirtualCenter 1.4 to manage them. VMware Server creates virtual machines that are compatible with VMware Workstation 5.x. You must use the VMware Server Console to create and configure virtual machines. You cannot create and configure virtual machines using the VMware Management Interface.

Note: When you create a new virtual machine, the wizard offers options for 64-bit versions of some guest operating systems. To determine whether your host computer can support a 64-bit guest, see VMware knowledge base article 1901.

Using VMware Virtual Machine Importer
This product lets you import virtual machines from Microsoft Virtual Server and Virtual PC as well as Symantec LiveState recovery system images. To access the VMware Virtual Machine Importer from the VMware Server Console, choose either File > Import or File > Open. You can access the VMware Virtual Machine Importer only from the host machine.

Installing Guest Operating Systems
VMware Server supports guest operating systems supported by VMware Workstation 5.5 as well as other guest operating systems. For a list of supported guest operating systems and information about how to install them, see the Guest Operating System Installation Guide. You can also use virtual appliances downloaded from the VMware Technology Network Virtual Appliances Center.

Installing the Latest Version of VMware Tools
If you use existing virtual machines -- either virtual machines created in a different VMware product or virtual machines created in an earlier release of VMware Server -- install the version of VMware Tools included in this release (VM > Install VMware Tools) for enhanced performance of guest operating systems.

Installing the VMware APIs
VMware Server supports the VMware scripting APIs and the Programming API (previously called C API). The scripting APIs include the VmCOM API (Windows hosts only) and the VmPerl API.You can install the APIs on any client machine. For more information about the VMware APIs, go to www.vmware.com/support/developer/.

Known Issues

The following are known issues with VMware Server 1.

On host machines with 64GB of RAM, running Windows Server 2003, attempting to start a virtual machine in VMware Server causes the host machine to quit unexpectedly.
Workaround: Try limiting Windows memory to 63GB:
- If your host machine is running a 64-bit version of Windows Server 2003, add /burnmemory=1024 to the boot.ini file.
- If your host machine is running a 32-bit version of Windows Server 2003, add /MAXMEM=64512 to the boot.ini file.
If this doesn't work, try limiting Windows memory to 32GB:
- If your host machine is running a 64-bit version of Windows Server 2003, add /burnmemory=32768 to the boot.ini file.
- If your host machine is running a 32-bit version of Windows Server 2003, add /MAXMEM=32768 to the boot.ini file.
The VMware Server Console included with VMware Server 1.0.2 build 39867 cannot modify virtual machine configurations for VMware Server 1.0, VMware Server 1.0.1, or GSX Server 3 virtual machines.
Workaround: Upgrade to VMware Server version 1.0.3 or higher. The VMware Server Console included with VMware Server 1.0.3 and higher versions manages VMware Server 1.0, 1.0.1, 1.0.2, and GSX Server 3 virtual machines.

If you encounter any of the issues below, click the appropriate link or go to the VMware Knowledge Base (kb.vmware.com) and enter the article number as your search item.

VMware Authorization Service may take a long time to start on slow Windows hosts (KB 1282693)
VMware Registration Service may crash when selecting Disk device of imported vmc/sv2i virtual machine (KB 5076498)
VMware Management Interface may show incorrect memory usage for virtual machines (KB 2138)
SELinux-based installs not working correctly with multi-user server setups (KB 2699789)
64-bit Linux Host OS doesn't install 32-bit compatibility libraries by default (KB 4483512)
VMware Tools on 64-bit Solaris 10 guests runs only in compatibility mode; X drivers not included (KB 6584367)
Repeated Keystrokes can occur on Linux virtual machines (KB 2308)
Do not edit legacy virtual machine on a network drive using VMware Server Console on a remote client (KB 4542886)
Closing the Home tab on a VMware Server Console for Linux host closes connection to server (KB 1360407)
Unable to create virtual disk on a mapped network drive (KB 8758604)
Do not mix components of VMware Server and VMware ESX Server (KB 1404107)
Error message when attempting to use VMware GSX Server console is not informative (KB 1522744)
Sound driver needed for 64-bit Windows guest operating systems (KB 6535062)
Grab on keypress might interfere with typing in dialog boxes (KB 2093)
Administrator can delete private virtual machine created by users (KB 607613)
Non-administrator users cannot save changes to VMware Tools scripts (KB 2978408)

Scripting API Known Issues

Use 32-bit VMware VmCOM API on 64-bit Microsoft Windows guest operating system (KB 2018)

Programming API Known Issues

For information about the known issues for the VMware Programming API, read the release notes located at www.vmware.com/support/developer/prog-api/ProgAPI-1.0-Release-Notes.html.