| VID |
23154 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The VMware system, according to its version number, has a buffer overflow vulnerability in the VMware NAT service. VMware Workstation is one of the commercial software products that allow the creation and execution of multiple x86 virtual computers simultaneously on the same system without having to reboot or partition the drive. VMware Workstation versions 5.5 and earlier, VMware GSX Server versions 3.2 and earlier, VMware ACE versions 1.0.1 and earlier, and VMware Player versions 1.0 and earlier are vulnerable to a heap-based buffer overflow vulnerability, caused by improper bounds checking of malformed EPRT and PORT FTP commands. A remote authenticated attacker, by sending specially crafted FTP PORT and EPRT requests, could exploit this vulnerability to execute arbitrary code with the privileges of the affected VMware NAT Service (Local System on Windows platforms, root on Linux platforms). To be exploitable, the VMware system must be configured to use NAT networking.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2002
http://www.kb.cert.org/vuls/id/856689
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html
http://archives.neohapsis.com/archives/bugtraq/2005-12/0266.html
* Platforms Affected:
VMware ACE 1.0.1 and earlier
VMware GSX Server 3.2 and earlier
VMware Player 1.0 and earlier
VMware Workstation 5.5 and earlier
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest versions of the affected applications (VMware ACE 1.0.2 or later, VMware GSX Server 3.2.1 or later, VMware Player 1.0.1 or later, VMware Workstation 5.5.1 or later), available from the VMware Download Web site at http://www.vmware.com/download/
As a workaround, disable NAT networking on the virtual machine. |
| Related URL |
CVE-2005-4459 (CVE) |
| Related URL |
15998 (SecurityFocus) |
| Related URL |
23766 (ISS) |
|
