Denial of Service in VMware Workstation and Player
CVE-2009-0177

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Vmware Player; Vmware Workstation; Server
Vendor: CVE Published:; 20 January 2009

Summary

The vmwarebase.dll component in VMware Workstation, Player, ACE, Server, and Fusion versions before the specified builds has a flaw that allows remote attackers to trigger a denial of service by sending overly long USER or PASS commands. This results in a crash of the vmware-authd service, potentially disrupting services and affecting availability.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://seclists.org/fulldisclosure/2009/Apr/0036.html

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/33372

third-party-advisoryx_refsource_SECUNIA

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 20, 2009
Vulnerability Reserved
Jan 20, 2009