Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

VMware Authorization Service Denial of Service Vulnerability (Windows)

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

3 years ago

Summary

The host is installed with VMWare product(s) that are vulnerable to Denial of Service vulnerability.

Insight

Insight

The vulnerability is due to an error in the VMware Authorization Service when processing login requests. This can be exploited to terminate the 'vmware-authd' process via 'USER' or 'PASS' strings containing '\xFF' characters, sent to TCP port 912.

Affected Software

Affected Software

VMware ACE 2.5.3 and prior. VMware Player 2.5.3 build 185404 and prior. VMware Workstation 6.5.3 build 185404 and prior.

Solution

Solution

Upgrade VMware ACE to 2.5.4 build 246459 or later, Upgrade VMware Player to 2.5.4 build 246459 or later, Upgrade VMware Workstation to 6.5.4 build 246459 or later.

Common Vulnerabilities and Exposures (CVE)