Vulnerability CVE-2005-4459


Published: 2005-12-21   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

See advisories in our WLB2 database:
Topic | Author | Date
Med. VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others | Andrew Griffiths | 22.12.2005
Med. VMware vulnerability in NAT networking | Tim Shelton | 22.12.2005

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Vmware -> ACE 
Vmware -> Gsx server 
Vmware -> Player 
Vmware -> Workstation 

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html
http://securityreason.com/securityalert/282
http://securityreason.com/securityalert/289
http://securitytracker.com/id?1015401
http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
http://www.kb.cert.org/vuls/id/856689
http://www.securityfocus.com/archive/1/419997/100/0/threaded
http://www.securityfocus.com/archive/1/420017/100/0/threaded
http://www.securityfocus.com/bid/15998
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
http://www.vupen.com/english/advisories/2005/3013

Copyright 2024, cxsecurity.com

 
