Remote Denial of Service Vulnerability in VMware Authorization Service
CVE-2009-3707

Currently unrated

Key Information:

Vendor: Vmware
Status: Player; Ace; Workstation; Server
Vendor: CVE Published:; 16 October 2009

Summary

The VMware Authorization Service contains a vulnerability that could allow remote attackers to trigger a denial of service by sending specially crafted USER and PASS commands. This flaw relates to a format string issue that can cause the underlying process to crash, impacting the availability of the affected VMware products. Versions prior to VMware Workstation 7.0.1, VMware Player 3.0.1, VMware ACE 2.6.1, and VMware Server 2.x are particularly susceptible to this attack.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://secunia.com/advisories/39206

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/36630

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 16, 2009
Vulnerability Reserved
Oct 16, 2009