
Bug 335866 (CVE-2009-3732)

Summary: <app-emulation/vmware-{workstation-7.1.5,server-2.0.2.203138,player-3.1.5}: multiple vulnerabilities (CVE-2009-{3732,4811},CVE-2010-{1137,1138,1139,1140,1141,1142,1143})
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: blocker    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Whiteboard: B0 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 20:42:32 UTC
CVE-2009-3732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732):
  Format string vulnerability in vmware-vmrc.exe build 158248 in VMware
  Remote Console (aka VMrc) allows remote attackers to execute
  arbitrary code via unspecified vectors.

Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:47:45 UTC
CVE-2009-4811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811):
  VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware
  Authorization Service in VMware Workstation 7.0 before 7.0.1 build
  227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before
  3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE
  2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459,
  and VMware Server 2.x allows remote attackers to cause a denial of
  service (process crash) via a \x25\x90 sequence in the USER and PASS
  commands, a related issue to CVE-2009-3707.  NOTE: some of these
  details are obtained from third party information.

CVE-2010-1137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137):
  Cross-site scripting (XSS) vulnerability in WebAccess in VMware
  VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the
  Server Console in VMware Server 1.0, allows remote attackers to
  inject arbitrary web script or HTML via the name of a virtual machine.

CVE-2010-1138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138):
  The virtual networking stack in VMware Workstation 7.0 before 7.0.1
  build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on
  Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player
  2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before
  2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server
  2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before
  2.0.7 build 246742 allows remote attackers to obtain sensitive
  information from memory on the host OS by examining received network
  packets, related to interaction between the guest OS and the host
  vmware-vmx process.

CVE-2010-1139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139):
  Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware
  Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x
  before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware
  Fusion 2.x before 2.0.7 build 246742, allows local users to gain
  privileges via format string specifiers in process metadata.

CVE-2010-1140 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140):
  The USB service in VMware Workstation 7.0 before 7.0.1 build 227600
  and VMware Player 3.0 before 3.0.1 build 227600 on Windows might
  allow host OS users to gain privileges by placing a Trojan horse
  program at an unspecified location on the host OS disk.

CVE-2010-1141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141):
  VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459;
  VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x
  before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build
  203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5
  and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly
  access libraries, which allows user-assisted remote attackers to
  execute arbitrary code by tricking a Windows guest OS user into
  clicking on a file that is stored on a network share.

CVE-2010-1142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142):
  VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459;
  VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x
  before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build
  203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5
  and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly
  load VMware programs, which might allow Windows guest OS users to
  gain privileges by placing a Trojan horse program at an unspecified
  location on the guest OS disk.

CVE-2010-1143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143):
  Cross-site scripting (XSS) vulnerability in VMware View (formerly
  Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693
  allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.

Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2011-12-15 14:06:01 UTC
vmware-server removed from tree along with vulnerable versions of vmware-workstation and vmware-player.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-09-29 16:26:31 UTC
This issue was resolved and addressed in
 GLSA 201209-25 at http://security.gentoo.org/glsa/glsa-201209-25.xml
by GLSA coordinator Sean Amoss (ackle).