| Vulnerability Name: | CVE-2009-3707 (CCN-53688) |
| Assigned: | 2009-10-08 |
| Published: | 2009-10-08 |
| Updated: | 2013-05-15 |
| Summary: | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue.
Note: some of these details are obtained from third party information.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Low |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:UR)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:UR)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-134
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: BUGTRAQ
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: FULLDISC
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: MITRE
Type: CNA
CVE-2009-3707
Source: MLIST
Type: UNKNOWN
[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: CCN
Type: SA36988
VMware Authorization Service Denial of Service Vulnerability
Source: SECUNIA
Type: Vendor Advisory
36988
Source: CCN
Type: SA39206
VMware Products Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
39206
Source: CCN
Type: SA39215
VMware Server Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
39215
Source: GENTOO
Type: UNKNOWN
GLSA-201209-25
Source: CCN
Type: SECTRACK ID: 1022997
VMware Authorization Service Lets Remote Users Deny Service
Source: SECTRACK
Type: UNKNOWN
1022997
Source: CCN
Type: OSVDB ID: 58728
VMware Multiple Products Authorization Service vmware-authd.exe Login Request Format String DoS
Source: CCN
Type: OSVDB ID: 64127
VMware Multiple Products vmware-authd.exe Multiple Command \x25\x90 Sequence Remote DoS
Source: BID
Type: UNKNOWN
36630
Source: CCN
Type: BID-36630
VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability
Source: MISC
Type: UNKNOWN
http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt
Source: CCN
Type: shinnai - forum ยป Forum
VMware Authorization Service 2.5.3 (vmware-authd.exe) Format String DoS
Source: MISC
Type: UNKNOWN
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php
Source: MISC
Type: Exploit
http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html
Source: CCN
Type: VMware, Inc. Web site
VMware Player
Source: CCN
Type: VMware Web site
Workstation
Source: CCN
Type: VMSA-2010-0007.1
VMSA-2010-0007.1 | United States
Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Source: XF
Type: UNKNOWN
vmware-authorization-service-dos(53688)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:vmware:ace:2.5.0:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.5.1:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.5.3:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.5.4:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.6:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.6.1:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.1:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.4:*:*:*:*:*:*:*OR cpe:/a:vmware:player:3.0:*:*:*:*:*:*:*OR cpe:/a:vmware:player:3.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:*OR cpe:/a:vmware:server:2.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:server:2.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.5.0:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.5.1:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.5.4:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:7.0:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.5.3:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |