VMware Authorization Service Denial of Service Vulnerability (Windows) -Apr10
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The host has VMware product(s) installed that are vulnerable to a denial of service vulnerability.
Insight
The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.
Affected Software
- VMware Server 2.x
- VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459
- VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459
- VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459
Solution
- Upgrade to VMware Player 3.0.1 build 227600 or 2.5.4 build 246459.
- Upgrade to VMware ACE 2.6.1 build 227600 or 2.5.4 build 246459.
- Upgrade to VMware Workstation 7.0.1 build 227600 or 6.5.4 build 246459.
- Apply the workaround for VMware Server version 2.x described in the referenced tech resource.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.vmware.com/security/advisories/VMSA-2010-0007.html
- http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
- http://lists.vmware.com/pipermail/security-announce/2010/000090.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.htm
- http://www.vmware.com/resources/techresources/726