Vulnerability Name:

CVE-2009-0177 (CCN-47812)

Assigned:2009-01-02
Published:2009-01-02
Updated:2017-10-19
Summary:vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-0177

Source: MLIST
Type: Patch
[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

Source: OSVDB
Type: UNKNOWN
51180

Source: FULLDISC
Type: Patch
20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

Source: CCN
Type: SA33372
VMware "vmware-authd" Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
33372

Source: CCN
Type: SA34601
VMware Fusion "vmware-authd" Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
34601

Source: CCN
Type: SECTRACK ID: 1021512
VMware authd Service Lets Remote Users Deny Service

Source: CCN
Type: OSVDB ID: 51180
VMware vmware-authd USER String Handling DoS

Source: CCN
Type: BID-33095
VMware Player and Workstation 'vmware-authd' Multiple Remote Denial of Service Vulnerabilities

Source: BID
Type: Exploit
34373

Source: CCN
Type: BID-34373
VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021512

Source: CCN
Type: VMware Web site
Virtual Server Consolidation Plan, Reduce IT Costs with Virtualization Benefits - VMware

Source: CCN
Type: VMSA-2009-0005
VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0005.html

Source: VUPEN
Type: Vendor Advisory
ADV-2009-0024

Source: VUPEN
Type: Vendor Advisory
ADV-2009-0944

Source: XF
Type: UNKNOWN
vmware-vmwareauthd-dos(47812)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6433

Source: EXPLOIT-DB
Type: UNKNOWN
7647

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:ace:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:*:*:*:*:*:*:*:* (Version <= 2.5.1)
  • OR cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version <= 2.0.1)
  • OR cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.05:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:*:*:*:*:*:*:*:* (Version <= 2.5.1)
  • OR cpe:/a:vmware:vmware_workstation:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:*:*:*:*:*:*:*:* (Version <= 6.51)

Configuration CCN 1:
  • cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:6433 | V | VMware authd Service Lets Remote Users Deny Service | 2009-11-09
    vmware ace 2.5.0
    vmware ace *
    vmware fusion *
    vmware server 2.0.0
    vmware vmware player 1.0.0
    vmware vmware player 1.0.1
    vmware vmware player 1.0.2
    vmware vmware player 1.0.3
    vmware vmware player 1.0.4
    vmware vmware player 1.0.6
    vmware vmware player 1.0.7
    vmware vmware player 1.0.8
    vmware vmware player 1.0.9
    vmware vmware player 1.05
    vmware vmware player 2.0
    vmware vmware player 2.0.1
    vmware vmware player 2.0.2
    vmware vmware player 2.0.3
    vmware vmware player 2.0.4
    vmware vmware player 2.0.5
    vmware vmware player 2.5
    vmware vmware player *
    vmware vmware workstation 4.5.3
    vmware vmware workstation 5.0
    vmware vmware workstation 5.5.0
    vmware vmware workstation 5.5.1
    vmware vmware workstation 5.5.2
    vmware vmware workstation 5.5.3
    vmware vmware workstation 5.5.4
    vmware vmware workstation 5.5.5
    vmware vmware workstation 5.5.6
    vmware vmware workstation 5.5.7
    vmware vmware workstation 5.5.8
    vmware vmware workstation 6.0
    vmware vmware workstation 6.0.1
    vmware vmware workstation 6.0.2
    vmware vmware workstation 6.0.3
    vmware vmware workstation 6.0.4
    vmware vmware workstation 6.0.5
    vmware vmware workstation 6.5
    vmware vmware workstation *
    vmware workstation 5.5.1
    vmware workstation 6.0
    vmware workstation 5.5.3
    vmware workstation 5.5.4
    vmware workstation 5.0.0_build_13124
    vmware workstation 5.5.0
    vmware workstation 5.5.2
    vmware workstation 5.5.5
    vmware workstation 5.5.6
    vmware workstation 6.0.1
    vmware workstation 6.0.2
    vmware workstation 6.0.3
    vmware workstation 5.5.8
    vmware workstation 5.5.7
    vmware workstation 6.0.4
    vmware workstation 6.0.5
    vmware workstation 6.5