Vulnerability Name:

CVE-2007-0063 (CCN-33103)

Assigned:2007-09-19
Published:2007-09-19
Updated:2019-07-16
Summary:Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-191
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: MITRE
Type: CNA
CVE-2007-0063

Source: FULLDISC
Type: Third Party Advisory
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: RHSA-2007-0970
Important: dhcp security update

Source: CCN
Type: SA26890
VMWare Products Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
26890

Source: SECUNIA
Type: Third Party Advisory
27694

Source: SECUNIA
Type: Third Party Advisory
27706

Source: GENTOO
Type: Third Party Advisory
GLSA-200711-23

Source: CCN
Type: SECTRACK ID: 1018717
VMware DHCP Bugs Let Remote Users Execute Arbitrary Code

Source: CCN
Type: GLSA-200711-23
VMware Workstation and Player: Multiple vulnerabilities

Source: CCN
Type: IBM Internet Security Systems Protection Advisory, Sept. 19, 2007
VMWare DHCP Server Remote Code Execution Vulnerabilities

Source: ISS
Type: Patch, Third Party Advisory
20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
25729

Source: CCN
Type: BID-25729
VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018717

Source: CCN
Type: USN-543-1
VMWare vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-543-1

Source: CCN
Type: VMware, Inc. Web site
VMware Workstation Download Archive

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Source: VUPEN
Type: Third Party Advisory
ADV-2007-3229

Source: XF
Type: Third Party Advisory, VDB Entry
dhcp-param-underflow(33103)

Source: XF
Type: UNKNOWN
dhcp-param-underflow(33103)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:ace:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.3)
  • OR cpe:/a:vmware:ace:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.1)
  • OR cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.5)
  • OR cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.1)
  • OR cpe:/a:vmware:server:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.4)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 5.5 and < 5.5.5)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 6.0 and < 6.0.1)
  • OR cpe:/o:vmware:esx:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:16767
    P
    		USN-543-1 -- linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities
    2014-06-30
    BACK
    vmware ace *
    vmware ace *
    vmware player *
    vmware player *
    vmware server *
    vmware workstation *
    vmware workstation *
    vmware esx 2.0.2
    vmware esx 2.1.3
    vmware esx 2.5.3
    vmware esx 2.5.4
    vmware esx 3.0.0
    vmware esx 3.0.1
    canonical ubuntu linux 6.06
    canonical ubuntu linux 6.10
    canonical ubuntu linux 7.04
    vmware workstation 5.5.1
    vmware workstation 6.0
    vmware ace 1.0
    vmware ace 1.0.3_build_54075
    vmware ace 2.0.1_build_55017
    vmware server 1.0.4_build_56528
    vmware workstation 5.5
    vmware workstation 5.5.3
    vmware workstation 5.5.3_build_34685
    vmware workstation 5.5.5_build_56455
    vmware workstation 6.0.1_build_55017
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    canonical ubuntu 7.04