cvelistv5 - cve-2005-4459

CVE-2005-4459 (GCVE-0-2005-4459)

Vulnerability from cvelistv5 – Published: 2005-12-21 20:00 – Updated: 2024-08-07 23:46

Summary

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/18344	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/282	third-party-advisoryx_refsource_SREASON
	http://www.vupen.com/english/advisories/2005/3013	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/18162	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/support/kb/enduser/std_adp.…	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/15998	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1015401	vdb-entryx_refsource_SECTRACK
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.kb.cert.org/vuls/id/856689	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/419997/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/420017/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/289	third-party-advisoryx_refsource_SREASON

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:46:05.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18344",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18344"
          },
          {
            "name": "282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/282"
          },
          {
            "name": "ADV-2005-3013",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/3013"
          },
          {
            "name": "18162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18162"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
          },
          {
            "name": "GLSA-200601-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
          },
          {
            "name": "15998",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15998"
          },
          {
            "name": "1015401",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015401"
          },
          {
            "name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
          },
          {
            "name": "VU#856689",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/856689"
          },
          {
            "name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
          },
          {
            "name": "20051221 VMware vulnerability in NAT networking",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
          },
          {
            "name": "289",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/289"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18344",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18344"
        },
        {
          "name": "282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/282"
        },
        {
          "name": "ADV-2005-3013",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/3013"
        },
        {
          "name": "18162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18162"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
        },
        {
          "name": "GLSA-200601-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
        },
        {
          "name": "15998",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15998"
        },
        {
          "name": "1015401",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015401"
        },
        {
          "name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
        },
        {
          "name": "VU#856689",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/856689"
        },
        {
          "name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
        },
        {
          "name": "20051221 VMware vulnerability in NAT networking",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
        },
        {
          "name": "289",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/289"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18344",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18344"
            },
            {
              "name": "282",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/282"
            },
            {
              "name": "ADV-2005-3013",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/3013"
            },
            {
              "name": "18162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18162"
            },
            {
              "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
            },
            {
              "name": "GLSA-200601-04",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
            },
            {
              "name": "15998",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15998"
            },
            {
              "name": "1015401",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015401"
            },
            {
              "name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
            },
            {
              "name": "VU#856689",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/856689"
            },
            {
              "name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
            },
            {
              "name": "20051221 VMware vulnerability in NAT networking",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
            },
            {
              "name": "289",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/289"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4459",
    "datePublished": "2005-12-21T20:00:00",
    "dateReserved": "2005-12-21T00:00:00",
    "dateUpdated": "2024-08-07T23:46:05.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05CC5F49-0E9E-45D8-827D-A5940566DB25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D94EE19-6CE9-4E02-8174-D9954CDBF02B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4E4BEE3-AE7B-4481-B724-2E644E18ACC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAAB7052-E0B6-472E-920B-A0F0AEA25D6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4088851B-C42B-4B3C-B548-68A026C2BC96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1E0FF6-89A3-4530-A6B5-D9951C951209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CE38F15-BD42-4171-8670-86AA8169A60C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"944FE3AE-C500-4891-BC05-3F1E3417FF68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:gsx_server:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"111932A6-B0ED-4A79-A533-AEA984DB6A90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E76D03A3-DB55-48A2-B5A5-64002D28B95F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C1A275E-2152-4A37-8CFE-34E8900E3426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7A688A2-3E9C-4AA3-832B-300A5A311C43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89098CFF-4696-4BD9-9BC9-D7C2D92FE729\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A30DFFE7-EB73-4A88-A23B-9B386C091314\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD0FE7C5-2C46-4B59-9242-A03B986C07DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C605123-69F9-44AC-A17E-3C728059E628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41B54C61-FB19-4900-A635-2F6B63BEC88C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.\"}]",
      "id": "CVE-2005-4459",
      "lastModified": "2024-11-21T00:04:18.633",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-12-21T20:03:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/18162\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18344\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/282\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/289\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015401\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/856689\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/419997/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/420017/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/15998\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2005/3013\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/18162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/282\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015401\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/856689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/419997/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/420017/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/15998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2005/3013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-4459\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-21T20:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05CC5F49-0E9E-45D8-827D-A5940566DB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D94EE19-6CE9-4E02-8174-D9954CDBF02B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4E4BEE3-AE7B-4481-B724-2E644E18ACC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAAB7052-E0B6-472E-920B-A0F0AEA25D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4088851B-C42B-4B3C-B548-68A026C2BC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1E0FF6-89A3-4530-A6B5-D9951C951209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE38F15-BD42-4171-8670-86AA8169A60C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"944FE3AE-C500-4891-BC05-3F1E3417FF68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:gsx_server:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"111932A6-B0ED-4A79-A533-AEA984DB6A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E76D03A3-DB55-48A2-B5A5-64002D28B95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1A275E-2152-4A37-8CFE-34E8900E3426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7A688A2-3E9C-4AA3-832B-300A5A311C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89098CFF-4696-4BD9-9BC9-D7C2D92FE729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30DFFE7-EB73-4A88-A23B-9B386C091314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0FE7C5-2C46-4B59-9242-A03B986C07DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C605123-69F9-44AC-A17E-3C728059E628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41B54C61-FB19-4900-A635-2F6B63BEC88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/18162\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18344\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/282\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/289\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015401\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/856689\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/419997/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/420017/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2005/3013\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/18162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/856689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/419997/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/420017/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2005/3013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2005-4459

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-4459

Aliases

CVE-2005-4459

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-4459",
    "description": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.",
    "id": "GSD-2005-4459"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-4459"
      ],
      "details": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.",
      "id": "GSD-2005-4459",
      "modified": "2023-12-13T01:20:09.573785Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-4459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "18344",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18344"
          },
          {
            "name": "282",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/282"
          },
          {
            "name": "ADV-2005-3013",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/3013"
          },
          {
            "name": "18162",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18162"
          },
          {
            "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
          },
          {
            "name": "GLSA-200601-04",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
          },
          {
            "name": "15998",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15998"
          },
          {
            "name": "1015401",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015401"
          },
          {
            "name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
          },
          {
            "name": "VU#856689",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/856689"
          },
          {
            "name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
          },
          {
            "name": "20051221 VMware vulnerability in NAT networking",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
          },
          {
            "name": "289",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/289"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
            },
            {
              "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
            },
            {
              "name": "15998",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/15998"
            },
            {
              "name": "18162",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18162"
            },
            {
              "name": "VU#856689",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/856689"
            },
            {
              "name": "1015401",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015401"
            },
            {
              "name": "GLSA-200601-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
            },
            {
              "name": "18344",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18344"
            },
            {
              "name": "282",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/282"
            },
            {
              "name": "289",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/289"
            },
            {
              "name": "ADV-2005-3013",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/3013"
            },
            {
              "name": "20051221 VMware vulnerability in NAT networking",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
            },
            {
              "name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2005-12-21T20:03Z"
    }
  }
}

CERTA-2005-AVI-500

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le service de traduction d'adresses de l'émulateur VMware peut être exploitée par un utilisateur mal intentionné pour accèder au système hébergeant la machine virtuelle.

Description

Une vulnérabilité est présente dans le service de traduction d'adresses : vmnat.exe sous windows et vmnet-natd sous linux.

Cette vulnérabilité est due à un problème dans le traitement des requêtes FTP. Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné pour accéder à la machine hébergeant la machine virtuelle.

Solution

Mettre à jour avec les nouvelles versions de VMware.

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation 2.x ;
VMware	N/A	VMware Workstation 3.x ;
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5..x
VMware	N/A	VMware Workstation 4.x ;
VMware	N/A	VMware GSX Server 1.x ;
VMware	N/A	VMware GSX Server 3.x ;
VMware	N/A	VMware GSX Server 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware	None	vendor-advisory
Site Internet de VMware :	-	other
Bulletin de sécurité Gentoo GLSA 200601-04 du 07 janvier 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5..x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le service de traduction d\u0027adresses\n: vmnat.exe sous windows et vmnet-natd sous linux.\n\nCette vuln\u00e9rabilit\u00e9 est due \u00e0 un probl\u00e8me dans le traitement des\nrequ\u00eates FTP. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmal intentionn\u00e9 pour acc\u00e9der \u00e0 la machine h\u00e9bergeant la machine\nvirtuelle.\n\n## Solution\n\nMettre \u00e0 jour avec les nouvelles versions de VMware.\n",
  "cves": [
    {
      "name": "CVE-2005-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-4459"
    }
  ],
  "links": [
    {
      "title": "Site Internet de VMware :",
      "url": "http://www.vmware.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200601-04 du 07 janvier    2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-500",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-12-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo et la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s au syst\u00e8me h\u00f4te"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le service de traduction d\u0027adresses de\nl\u0027\u00e9mulateur VMware peut \u00eatre exploit\u00e9e par un utilisateur mal\nintentionn\u00e9 pour acc\u00e8der au syst\u00e8me h\u00e9bergeant la machine virtuelle.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware",
      "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2002"
    }
  ]
}

CERTA-2005-AVI-500

Vulnerability from certfr_avis - Published: - Updated:

Description

Une vulnérabilité est présente dans le service de traduction d'adresses : vmnat.exe sous windows et vmnet-natd sous linux.

Solution

Mettre à jour avec les nouvelles versions de VMware.

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation 2.x ;
VMware	N/A	VMware Workstation 3.x ;
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5..x
VMware	N/A	VMware Workstation 4.x ;
VMware	N/A	VMware GSX Server 1.x ;
VMware	N/A	VMware GSX Server 3.x ;
VMware	N/A	VMware GSX Server 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware	None	vendor-advisory
Site Internet de VMware :	-	other
Bulletin de sécurité Gentoo GLSA 200601-04 du 07 janvier 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5..x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware GSX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le service de traduction d\u0027adresses\n: vmnat.exe sous windows et vmnet-natd sous linux.\n\nCette vuln\u00e9rabilit\u00e9 est due \u00e0 un probl\u00e8me dans le traitement des\nrequ\u00eates FTP. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmal intentionn\u00e9 pour acc\u00e9der \u00e0 la machine h\u00e9bergeant la machine\nvirtuelle.\n\n## Solution\n\nMettre \u00e0 jour avec les nouvelles versions de VMware.\n",
  "cves": [
    {
      "name": "CVE-2005-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-4459"
    }
  ],
  "links": [
    {
      "title": "Site Internet de VMware :",
      "url": "http://www.vmware.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200601-04 du 07 janvier    2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-500",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-12-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo et la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s au syst\u00e8me h\u00f4te"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le service de traduction d\u0027adresses de\nl\u0027\u00e9mulateur VMware peut \u00eatre exploit\u00e9e par un utilisateur mal\nintentionn\u00e9 pour acc\u00e8der au syst\u00e8me h\u00e9bergeant la machine virtuelle.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware",
      "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2002"
    }
  ]
}

FKIE_CVE-2005-4459

Vulnerability from fkie_nvd - Published: 2005-12-21 20:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html	Exploit
cve@mitre.org	http://secunia.com/advisories/18162	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18344	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/282
cve@mitre.org	http://securityreason.com/securityalert/289
cve@mitre.org	http://securitytracker.com/id?1015401
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
cve@mitre.org	http://www.kb.cert.org/vuls/id/856689	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/419997/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/420017/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/15998	Patch
cve@mitre.org	http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2005/3013	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18162	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18344	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/282
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/289
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015401
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/856689	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/419997/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/420017/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15998	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/3013	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	ace	1.0
vmware	gsx_server	2.0
vmware	gsx_server	2.0.1_build_2129
vmware	gsx_server	2.5.1
vmware	gsx_server	2.5.1_build_5336
vmware	gsx_server	2.5.2
vmware	gsx_server	3.0
vmware	gsx_server	3.0_build_7592
vmware	gsx_server	3.1
vmware	gsx_server	3.2
vmware	player	1.0.0
vmware	workstation	3.2.1
vmware	workstation	3.4
vmware	workstation	4.0
vmware	workstation	4.0.1
vmware	workstation	4.0.2
vmware	workstation	4.5.2
vmware	workstation	4.5.2_build_8848
vmware	workstation	5.0.0_build_13124
vmware	workstation	5.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4088851B-C42B-4B3C-B548-68A026C2BC96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1E0FF6-89A3-4530-A6B5-D9951C951209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "944FE3AE-C500-4891-BC05-3F1E3417FF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:gsx_server:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "111932A6-B0ED-4A79-A533-AEA984DB6A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
              "matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
              "matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
    }
  ],
  "id": "CVE-2005-4459",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-21T20:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18344"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/289"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015401"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856689"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15998"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/3013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/3013"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PQX2-MG4C-9G67

Vulnerability from github – Published: 2022-05-01 02:27 – Updated: 2022-05-01 02:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-4459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-21T20:03:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.",
  "id": "GHSA-pqx2-mg4c-9g67",
  "modified": "2022-05-01T02:27:35Z",
  "published": "2022-05-01T02:27:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4459"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18162"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18344"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/282"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/289"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015401"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/856689"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15998"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/3013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-4459 (GCVE-0-2005-4459)

GSD-2005-4459

CERTA-2005-AVI-500

Description

Solution

CERTA-2005-AVI-500

Description

Solution

FKIE_CVE-2005-4459

GHSA-PQX2-MG4C-9G67

Tags

Sightings

Nomenclature