Summary
The host has VMware product(s) installed that are prone to a denial of service vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code in the affected application and cause a denial of service.
Impact Level: Application
Solution
Upgrade VMware ACE to 2.5.4 build 246459 or later.
Upgrade VMware Player to 2.5.4 build 246459 or later.
Upgrade VMware Workstation to 6.5.4 build 246459 or later.
For updates, refer to http://www.vmware.com
Insight
The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.
Affected
VMware ACE 2.5.3 and prior.
VMware Player 2.5.3 build 185404 and prior.
VMware Workstation 6.5.3 build 185404 and prior.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-3707
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Firefox XUL Parsing Denial of Service Vulnerability (Linux)
- Comodo Internet Security Denial of Service Vulnerability-01
- COWON Media Center JetAudio .wav File Denial Of Service Vulnerability
- Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
- Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability