Vulnerability CVE-2009-3707


Published: 2009-10-16   Modified: 2012-02-13

Description:
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.

See advisories in our WLB2 database:
Topic: [Med.] VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
Author: shinnai
Date: 16.10.2009

Type: CWE-134 (Uncontrolled Format String)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software
Vmware -> ACE 
Vmware -> Player 
Vmware -> Server 
Vmware -> Workstation 

References:
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php
http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt
http://www.securityfocus.com/bid/36630
http://securitytracker.com/id?1022997
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://secunia.com/advisories/39215
http://secunia.com/advisories/39206
http://secunia.com/advisories/36988
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

Copyright 2021, cxsecurity.com

 
