Summary
The host has one or more VMware products installed that are prone to a Denial of Service vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code on the affected application and cause a Denial of Service.
Impact Level: Application
Solution
Upgrade to VMware Player 3.0.1 build 227600 or 2.5.4 build 246459: http://www.vmware.com/products/player/
Upgrade to VMware ACE 2.6.1 build 227600 or 2.5.4 build 246459: http://www.vmware.com/products/ws/
Upgrade to VMware Workstation 7.0.1 build 227600 or 6.5.4 build 246459: http://www.vmware.com/download/ace/
Apply the workaround for VMware Server version 2.x: http://www.vmware.com/resources/techresources/726
*****
NOTE: Ignore this warning if the above-mentioned workaround has been manually applied.
*****
Insight
The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.
Affected
VMware Server 2.x
VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459
VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459
VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459
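The affected ranges above can be checked against a software inventory. The following is an added example, not part of the original advisory or of any VMware tooling; the inventory string format ("7.0.1 build-227600") and the function names parse_version and is_affected are assumptions made for illustration.

```python
import re

# Fixed releases from the advisory's Affected list:
# (product, (major, minor) branch) -> (first fixed version, its build number)
FIXED = {
    ("ace", (2, 6)): ((2, 6, 1), 227600),
    ("ace", (2, 5)): ((2, 5, 4), 246459),
    ("player", (3, 0)): ((3, 0, 1), 227600),
    ("player", (2, 5)): ((2, 5, 4), 246459),
    ("workstation", (7, 0)): ((7, 0, 1), 227600),
    ("workstation", (6, 5)): ((6, 5, 4), 246459),
}

# Assumed inventory format: "7.0.1 build-227600" or "6.5.4 build 246459"; build optional.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s+build[- ](\d+))?\s*$", re.I)


def parse_version(text):
    """Return ((major, minor, patch), build or None) for an inventory version string."""
    m = VERSION_RE.match(text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    build = int(m.group(4)) if m.group(4) else None
    return version, build


def is_affected(product, version_text):
    """True if the product/version falls inside a range the advisory lists as affected."""
    name = product.strip().lower()
    if name.startswith("vmware "):
        name = name[len("vmware "):]
    version, build = parse_version(version_text)
    if name == "server":
        # All of 2.x is listed; only a workaround exists, which this check cannot see.
        return version[0] == 2
    fixed = FIXED.get((name, version[:2]))
    if fixed is None:
        return False  # branch not named in the advisory
    fixed_version, fixed_build = fixed
    if version != fixed_version:
        return version < fixed_version
    # Same version as the fix: the build number decides. Unknown build -> report it.
    return build is None or build < fixed_build


if __name__ == "__main__":
    # Constructed inventory rows, not taken from the advisory.
    for row in [("VMware Workstation", "7.0.0 build-203739"), ("VMware Player", "3.0.1 build-227600")]:
        print(row, "affected" if is_affected(*row) else "not affected")
```

A version that matches a fixed release but has no recorded build number is reported as affected, so that incomplete inventory data gets a manual look.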
References
Severity
Classification
CVE: CVE-2009-4811
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P