CVE-2009-3707

16.10.2009, 16:30

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
vmware	ace	2.5.0
vmware	ace	2.5.1
vmware	ace	2.5.2
vmware	ace	2.5.3
vmware	ace	2.5.4
vmware	ace	2.6
vmware	ace	2.6.1
vmware	player	2.5
vmware	player	2.5.1
vmware	player	2.5.2
vmware	player	2.5.3
vmware	player	2.5.4
vmware	player	3.0
vmware	player	3.0.1
vmware	server	2.0.0
vmware	server	2.0.1
vmware	server	2.0.2
vmware	workstation	6.5.0
vmware	workstation	6.5.1
vmware	workstation	6.5.2
vmware	workstation	6.5.3
vmware	workstation	6.5.4
vmware	workstation	7.0
vmware	workstation	7.0.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

http://secunia.com/advisories/36988

http://secunia.com/advisories/39206

http://secunia.com/advisories/39215

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://securitytracker.com/id?1022997

http://www.securityfocus.com/bid/36630

http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt

http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php

http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html

http://www.vmware.com/security/advisories/VMSA-2010-0007.html

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

http://lists.vmware.com/pipermail/security-announce/2010/000090.html

http://secunia.com/advisories/36988

http://secunia.com/advisories/39206

http://secunia.com/advisories/39215

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://securitytracker.com/id?1022997

http://www.securityfocus.com/bid/36630

http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt

http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php

http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html

http://www.vmware.com/security/advisories/VMSA-2010-0007.html