Vulnerability Name: | CVE-2009-4811 (CCN-58206) |
Assigned: | 2009-10-07 |
Published: | 2009-10-07 |
Updated: | 2013-05-15 |
Summary: | VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. Note: some of these details are obtained from third party information.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
 | 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
 | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
 | 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
|
Vulnerability Type: | CWE-134
|
Vulnerability Consequences: | Denial of Service |
References: | Source: BUGTRAQ Type: UNKNOWN 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: CCN Type: BugTraq Mailing List, Fri Apr 09 2010 - 04:28:34 CDT VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: FULLDISC Type: UNKNOWN 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: MITRE Type: CNA CVE-2009-4811
Source: MISC Type: Exploit http://freetexthost.com/qr1tffkzpu
Source: MLIST Type: Patch, Vendor Advisory [security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
Source: MISC Type: Exploit http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html
Source: GENTOO Type: UNKNOWN GLSA-201209-25
Source: BID Type: Exploit 36630
Source: CCN Type: BID-36630 VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability
Source: CCN Type: VMware, Inc. Web site VMware Player
Source: CCN Type: VMware Web site Workstation
Source: MISC Type: Patch, Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Source: XF Type: UNKNOWN vmware-vmwareauth-dos(58206)
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:vmware:ace:2.5.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.4:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.6:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.6.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.4:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:3.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:3.0.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.4:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:7.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:vmware:workstation:6.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.3:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:server:2.0.2:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:7.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:3.0:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.6:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:workstation:6.5.4:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:3.0.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:player:2.5.4:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.6.1:*:*:*:*:*:*:* OR
cpe:/a:vmware:ace:2.5.4:*:*:*:*:*:*:* |