Vulnerability CVE-2007-5617 - CERT Civis.Net

Vulnerability Name:

CVE-2007-5617 (CCN-38354)

Assigned:

2007-09-18

Published:

2007-09-18

Updated:

2018-10-26

Summary:

Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2007-5617

Source: FULLDISC
Type: Third Party Advisory
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: SA26890
VMWare Products Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
26890

Source: SECUNIA
Type: Third Party Advisory
27706

Source: GENTOO
Type: Third Party Advisory
GLSA-200711-23

Source: CCN
Type: GLSA-200711-23
VMware Workstation and Player: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 40092
VMware Multiple Products Untrusted Virtual Image Unspecified Issue

Source: CCN
Type: VMware, Inc. Web site
VMware Player Release Notes

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html

Source: CCN
Type: VMware Web site
Workstation 5.5 Release Notes

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Source: VUPEN
Type: Third Party Advisory
ADV-2007-3229

Source: XF
Type: UNKNOWN
vmware-image-unspecified(38354)

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 1.0.0 and < 1.0.5)

OR cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.1)

OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 5.5 and < 5.5.5)

OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 6.0 and < 6.0.1)

Configuration CCN 1:

cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable