Bug 254148

Summary:	app-emulation/vmware-player <= 2.5.1.126130 and app-emulation/vmware-workstation <= 6.5.1.126130 Denial of Service
Product:	Gentoo Security	Reporter:	Bruno Buss <bruno.buss>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	dilfridge, vmware+disabled
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/Advisories/33372/
Whiteboard:	~3 [upstream]
Package list:		Runtime testing required:	---

Description Bruno Buss 2009-01-07 20:39:26 UTC

Description:
"Laurent Gaffié has discovered a vulnerability in VMware, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "vmware-authd" daemon when processing overly long strings. This can be exploited to terminate the "vmware-authd" process via e.g. an overly long "USER" string sent to TCP port 912.

Successful exploitation allows e.g. denying virtual machine access to local unprivileged users.

The vulnerability is confirmed in VMware Player 2.5.1 build 126130 and VMware Workstation 6.5.1 build 126130 on Windows. Other versions may also be affected."

Exploit available:
http://milw0rm.com/exploits/7647

Comment 1 Bruno Buss 2009-01-07 20:42:04 UTC

Marked as ~3 cause i don't know if the stable versions in gentoo (app-emulation/vmware-player-1.0.7.91707 and app-emulation/vmware-workstation-5.5.7.91707) are vulnerable.

Comment 2 Andreas K. Hüttel archtester

2010-07-02 15:02:44 UTC

I guess we can resolve this since for both applications the only keyworded and stable version in tree is newer.

Please reopen if you disagree.

Comment 3 Alex Legler (RETIRED) archtester

2010-07-02 15:27:42 UTC

Andreas, please refrain from closing bugs assigned to security@ in the future. If you have suggestions towards a bug's status, please add a comment and we will take care of it (sooner or later). Thanks.