Remote Denial of Service Vulnerability in VMware Authorization Service
CVE-2009-3707

Currently unrated

Key Information:

Vendor

Vmware
Status
Player
Ace
Workstation
Server
Vendor
CVE Published:
16 October 2009

What is CVE-2009-3707?

The VMware Authorization Service contains a vulnerability that could allow remote attackers to trigger a denial of service by sending specially crafted USER and PASS commands. This flaw relates to a format string issue that can cause the underlying process to crash, impacting the availability of the affected VMware products. Versions prior to VMware Workstation 7.0.1, VMware Player 3.0.1, VMware ACE 2.6.1, and VMware Server 2.x are particularly susceptible to this attack.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml
vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/39206
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/36630
vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.