CVE-2009-3707
VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
Public Exploits: 2
Exploited in Wild: -
Descriptions
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
Timeline
- 2009-10-07 First Exploit
- 2009-10-16 CVE Reserved
- 2009-10-16 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
References (14)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Mailing List | |
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Mailing List | |
http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List | |
http://secunia.com/advisories/39206 | Third Party Advisory | |
http://secunia.com/advisories/39215 | Third Party Advisory | |
http://securitytracker.com/id?1022997 | Vdb Entry | |
http://www.securityfocus.com/bid/36630 | Vdb Entry | |
http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt | Url Repurposed | |
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php | Url Repurposed | |
http://www.vmware.com/security/advisories/VMSA-2010-0007.html | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33271 | 2009-10-07 | |
http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/36988 | 2024-02-14 | |
http://security.gentoo.org/glsa/glsa-201209-25.xml | 2024-02-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Ace | 2.5.0 | - | Affected |
Vmware | Ace | 2.5.1 | - | Affected |
Vmware | Ace | 2.5.2 | - | Affected |
Vmware | Ace | 2.5.3 | - | Affected |
Vmware | Ace | 2.5.4 | - | Affected |
Vmware | Ace | 2.6 | - | Affected |
Vmware | Ace | 2.6.1 | - | Affected |
Vmware | Player | 2.5 | - | Affected |
Vmware | Player | 2.5.1 | - | Affected |
Vmware | Player | 2.5.2 | - | Affected |
Vmware | Player | 2.5.3 | - | Affected |
Vmware | Player | 2.5.4 | - | Affected |
Vmware | Player | 3.0 | - | Affected |
Vmware | Player | 3.0.1 | - | Affected |
Vmware | Server | 2.0.0 | - | Affected |
Vmware | Server | 2.0.1 | - | Affected |
Vmware | Server | 2.0.2 | - | Affected |
Vmware | Workstation | 6.5.0 | - | Affected |
Vmware | Workstation | 6.5.1 | - | Affected |
Vmware | Workstation | 6.5.2 | - | Affected |
Vmware | Workstation | 6.5.3 | - | Affected |
Vmware | Workstation | 6.5.4 | - | Affected |
Vmware | Workstation | 7.0 | - | Affected |
Vmware | Workstation | 7.0.1 | - | Affected |