VMware authd Service Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1021512
|
|
SecurityTracker URL: http://securitytracker.com/id?1021512
|
|
CVE Reference: CVE-2009-0177
(Links to External Site)
|
Updated: Apr 6 2009
|
Original Entry Date: Jan 4 2009
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 2.5.1 build-126130 and prior versions; other versions are also affected
|
Description: A vulnerability was reported in VMware. A remote user can cause denial of service conditions.
A remote user can send a specially crafted username or password to the authd service to cause the target service to crash.
VMware
Player and VMware workstation are affected.
Laurent Gaffie reported this vulnerability.
The original advisory is available
at:
http://milw0rm.com/exploits/7647
|
Impact: A remote user can cause denial of service conditions.
|
Solution: The vendor has issued a fix.
VMware Workstation (Windows): 6.5.2 build 156735 or later
VMware Player (Windows): 2.5.2 build
156735 or later
ACE (Windows): 2.5.2 build 156735 or later
Server (Windows): 2.0.1 build 156745 or later
Fusion (Mac
OS/X): 2.0.2 build 147997 or later
The vendor's advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2009-0005.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2009-0005.html (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (OS X), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 3 Jan 2009 20:10:09 -0500
Subject: VMware Player
|
http://milw0rm.com/exploits/7647
|
|
