Vulnerability CVE-2005-4459 - CERT Civis.Net

Vulnerability Name:

CVE-2005-4459 (CCN-23766)

Assigned:

2005-12-21

Published:

2005-12-21

Updated:

2018-10-30

Summary:

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Wed Dec 21 2005 - 01:47:48 CST
VMware vulnerability in NAT networking

Source: CCN
Type: Full-Disclosure Mailing List, Tue Dec 20 2005 - 21:36:33 CST
[ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others

Source: MITRE
Type: CNA
CVE-2005-4459

Source: FULLDISC
Type: Exploit
20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others

Source: CCN
Type: SA18162
VMware NAT Networking Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
18162

Source: SECUNIA
Type: Vendor Advisory
18344

Source: SREASON
Type: UNKNOWN
282

Source: SREASON
Type: UNKNOWN
289

Source: CCN
Type: SECTRACK ID: 1015401
VMware Flaw in NAT Function Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015401

Source: CCN
Type: GLSA-200601-04
VMware Workstation: Vulnerability in NAT networking

Source: GENTOO
Type: UNKNOWN
GLSA-200601-04

Source: CCN
Type: US-CERT VU#856689
VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands

Source: CERT-VN
Type: US Government Resource
VU#856689

Source: CCN
Type: OSVDB ID: 22006
VMware vmnat.exe/vmnet-natd Multiple FTP Command Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others]

Source: BUGTRAQ
Type: UNKNOWN
20051221 VMware vulnerability in NAT networking

Source: BID
Type: Patch
15998

Source: CCN
Type: BID-15998
VMWare Remote Arbitrary Code Execution Vulnerability

Source: CCN
Type: VMware Web site
VMware Workstation

Source: CCN
Type: VMware Knowledge Base Web page
Security Response to Vulnerability in NAT Networking

Source: CONFIRM
Type: Patch
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

Source: VUPEN
Type: Vendor Advisory
ADV-2005-3013

Source: XF
Type: UNKNOWN
vmware-vmnat-execute-code(23766)

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:player:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:3.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:vmware:workstation:4.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:gsx_server:3.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:3.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable