cvelistv5 - cve-2009-3707

CVE-2009-3707 (GCVE-0-2009-3707)

Vulnerability from cvelistv5 – Published: 2009-10-16 16:00 – Updated: 2024-08-07 06:38

Summary

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201209-25.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/39206	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/36630	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1022997	vdb-entryx_refsource_SECTRACK
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6…	x_refsource_MISC
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/36988	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.shinnai.net/index.php?mod=02_Forum&gro…	x_refsource_MISC
	http://www.shinnai.net/exploits/abFwcLOuFqmD20yqh…	x_refsource_MISC
	http://secunia.com/advisories/39215	third-party-advisoryx_refsource_SECUNIA
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "39206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39206"
          },
          {
            "name": "36630",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36630"
          },
          {
            "name": "1022997",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022997"
          },
          {
            "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
          },
          {
            "name": "36988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36988"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
          },
          {
            "name": "39215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39215"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-14T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "39206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39206"
        },
        {
          "name": "36630",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36630"
        },
        {
          "name": "1022997",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022997"
        },
        {
          "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
        },
        {
          "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
        },
        {
          "name": "36988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36988"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
        },
        {
          "name": "39215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39215"
        },
        {
          "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "39206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39206"
            },
            {
              "name": "36630",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36630"
            },
            {
              "name": "1022997",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022997"
            },
            {
              "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
            },
            {
              "name": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html",
              "refsource": "MISC",
              "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
            },
            {
              "name": "36988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36988"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
            },
            {
              "name": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php",
              "refsource": "MISC",
              "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
            },
            {
              "name": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt",
              "refsource": "MISC",
              "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
            },
            {
              "name": "39215",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39215"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3707",
    "datePublished": "2009-10-16T16:00:00",
    "dateReserved": "2009-10-16T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B71537AE-346D-4BA9-90E7-EA0AB0CD0886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5674C3DD-F510-4701-ACA8-437576307528\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E62960B2-91AE-4DD7-8085-9BA6BCB84473\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBCA2A03-0A31-4290-987A-BE715758BA95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFB84B42-8C68-4B65-93F9-287B699B7540\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E87681DB-CBD8-46A6-BD9A-FB621B627B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3997440A-B731-4F26-A90B-BB14A8F93E55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE944A70-CB9C-4712-9802-509531396A02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"656039E8-8082-4208-B046-518D95769B25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F747AC1-E163-41A4-BAC7-FDF46F4057D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A115959-9CDA-45ED-9002-BA1A31074E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3E658DA-56E8-49F0-B486-4EF622B63627\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3684F0D0-B8BE-442B-AA27-0A485E6BFFAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB33DBC9-3B63-457E-A353-B9E7378211AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\\\x25\\\\xFF sequence in the USER and PASS commands, related to a \\\"format string DoS\\\" issue. NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"VMware Authentication Daemon versi\\u00f3n 1.0 en el archivo vmware-authd.exe en el Servicio de Autorizaci\\u00f3n de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a  2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (bloqueo del proceso) por medio de una secuencia de \\\\x25\\\\xFF en los comandos USER y PASS, relacionada con un problema de \\\"format string DoS\\\". NOTA: algunos de estos datos fueron obtenidos de la informaci\\u00f3n de terceros.\"}]",
      "id": "CVE-2009-3707",
      "lastModified": "2024-11-21T01:08:00.660",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-10-16T16:30:00.907",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36988\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39206\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/39215\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1022997\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/36630\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"URL Repurposed\"]}, {\"url\": \"http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"URL Repurposed\"]}, {\"url\": \"http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"URL Repurposed\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1022997\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"URL Repurposed\"]}, {\"url\": \"http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"URL Repurposed\"]}, {\"url\": \"http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"URL Repurposed\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3707\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-10-16T16:30:00.907\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\\\x25\\\\xFF sequence in the USER and PASS commands, related to a \\\"format string DoS\\\" issue. NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"VMware Authentication Daemon versi\u00f3n 1.0 en el archivo vmware-authd.exe en el Servicio de Autorizaci\u00f3n de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a  2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del proceso) por medio de una secuencia de \\\\x25\\\\xFF en los comandos USER y PASS, relacionada con un problema de \\\"format string DoS\\\". NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71537AE-346D-4BA9-90E7-EA0AB0CD0886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5674C3DD-F510-4701-ACA8-437576307528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62960B2-91AE-4DD7-8085-9BA6BCB84473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBCA2A03-0A31-4290-987A-BE715758BA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFB84B42-8C68-4B65-93F9-287B699B7540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87681DB-CBD8-46A6-BD9A-FB621B627B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3997440A-B731-4F26-A90B-BB14A8F93E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE944A70-CB9C-4712-9802-509531396A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"656039E8-8082-4208-B046-518D95769B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F747AC1-E163-41A4-BAC7-FDF46F4057D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A115959-9CDA-45ED-9002-BA1A31074E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E565F23-AEEE-41A4-80EC-01961AD5560E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3E658DA-56E8-49F0-B486-4EF622B63627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3684F0D0-B8BE-442B-AA27-0A485E6BFFAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB33DBC9-3B63-457E-A353-B9E7378211AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39206\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39215\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1022997\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36630\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"URL Repurposed\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1022997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"URL Repurposed\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2009-3707

Vulnerability from fkie_nvd - Published: 2009-10-16 16:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2010/000090.html
cve@mitre.org	http://secunia.com/advisories/36988	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39206
cve@mitre.org	http://secunia.com/advisories/39215
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.org	http://securitytracker.com/id?1022997
cve@mitre.org	http://www.securityfocus.com/bid/36630
cve@mitre.org	http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt	URL Repurposed
cve@mitre.org	http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php	URL Repurposed
cve@mitre.org	http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html	Exploit, URL Repurposed
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2010-0007.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000090.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36988	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39206
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39215
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022997
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36630
af854a3a-2127-422b-91ae-364da2661108	http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt	URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php	URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Impacted products

Vendor	Product	Version
vmware	ace	2.5.0
vmware	ace	2.5.1
vmware	ace	2.5.2
vmware	ace	2.5.3
vmware	ace	2.5.4
vmware	ace	2.6
vmware	ace	2.6.1
vmware	player	2.5
vmware	player	2.5.1
vmware	player	2.5.2
vmware	player	2.5.3
vmware	player	2.5.4
vmware	player	3.0
vmware	player	3.0.1
vmware	server	2.0.0
vmware	server	2.0.1
vmware	server	2.0.2
vmware	workstation	6.5.0
vmware	workstation	6.5.1
vmware	workstation	6.5.2
vmware	workstation	6.5.3
vmware	workstation	6.5.4
vmware	workstation	7.0
vmware	workstation	7.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB84B42-8C68-4B65-93F9-287B699B7540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3997440A-B731-4F26-A90B-BB14A8F93E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "VMware Authentication Daemon versi\u00f3n 1.0 en el archivo vmware-authd.exe en el Servicio de Autorizaci\u00f3n de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a  2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del proceso) por medio de una secuencia de \\x25\\xFF en los comandos USER y PASS, relacionada con un problema de \"format string DoS\". NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-3707",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-16T16:30:00.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36988"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022997"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36630"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-165

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités découvertes dans les produits VMware permettent à un utilisateur distant malintentionné de porter atteinte à la confidentialité des données, de réaliser un déni de service, d'élever ses privilèges ou d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Worstation 7.x.
VMware	Fusion	VMware Fusion 2.x ;
VMware	N/A	VMware ACE 2.x ;
VMware	N/A	VMware Player 3.x ;
VMware	N/A	VMware Worstation 6.x ;
VMware	N/A	VMware Player 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0007.1 du 12 avril 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0007.1 du 12 avril 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Worstation 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion 2.x ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Worstation 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3707"
    },
    {
      "name": "CVE-2010-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1139"
    },
    {
      "name": "CVE-2009-1564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1564"
    },
    {
      "name": "CVE-2010-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1141"
    },
    {
      "name": "CVE-2009-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1565"
    },
    {
      "name": "CVE-2010-1142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1142"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1140"
    },
    {
      "name": "CVE-2010-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1138"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007.1 du 12 avril    2010 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000091.html"
    }
  ],
  "reference": "CERTA-2010-AVI-165",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware permettent\n\u00e0 un utilisateur distant malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027\u00e9lever\nses privil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007.1 du 12 avril 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant les produits VMware ont été publiées. Elles permettent à un utilisateur malveillant d'effcetuer diverses atteintes à la sécurité du système vulnérable.

Description

exécution de code arbitraire à distance dans le contexte de l'utilisateur connecté ;
exécution de code arbitraire ;
déni de service local ;
atteinte à la confidentialité des données par utilisation de la pile réseau virtuelle ;
élévation de privilèges sur des systèmes Windows.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	N/A	VMware VIX API ;
VMware	Fusion	VMware Fusion 3.x et 2.x ;
VMware	N/A	VMware ACE 2.x ;
VMware	ESXi	VMware ESX et ESXi ;
VMware	N/A	VMware Workstation 7.x et 6.x ;
VMware	N/A	VMware Player 3.x et 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0007 du 09 avril 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion 3.x et 2.x ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX et ESXi ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 7.x et 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 3.x et 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectant les produits VMware ont \u00e9t\u00e9\npubli\u00e9es. Elles permettent \u00e0 un utilisateur malveillant d\u0027effcetuer\ndiverses atteintes \u00e0 la s\u00e9curit\u00e9 du syst\u00e8me vuln\u00e9rable :\n\n-   ex\u00e9cution de code arbitraire \u00e0 distance dans le contexte de\n    l\u0027utilisateur connect\u00e9 ;\n-   ex\u00e9cution de code arbitraire ;\n-   d\u00e9ni de service local ;\n-   atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es par utilisation de la pile\n    r\u00e9seau virtuelle ;\n-   \u00e9l\u00e9vation de privil\u00e8ges sur des syst\u00e8mes Windows.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3707"
    },
    {
      "name": "CVE-2009-1142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1142"
    },
    {
      "name": "CVE-2009-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1141"
    },
    {
      "name": "CVE-2010-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1139"
    },
    {
      "name": "CVE-2009-1564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1564"
    },
    {
      "name": "CVE-2009-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1565"
    },
    {
      "name": "CVE-2009-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3732"
    },
    {
      "name": "CVE-2009-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1140"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1138"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-162",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant les produits VMware ont \u00e9t\u00e9\npubli\u00e9es. Elles permettent \u00e0 un utilisateur malveillant d\u0027effcetuer\ndiverses atteintes \u00e0 la s\u00e9curit\u00e9 du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007 du 09 avril 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    }
  ]
}

CERTA-2010-AVI-165

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Worstation 7.x.
VMware	Fusion	VMware Fusion 2.x ;
VMware	N/A	VMware ACE 2.x ;
VMware	N/A	VMware Player 3.x ;
VMware	N/A	VMware Worstation 6.x ;
VMware	N/A	VMware Player 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0007.1 du 12 avril 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0007.1 du 12 avril 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Worstation 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion 2.x ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Worstation 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3707"
    },
    {
      "name": "CVE-2010-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1139"
    },
    {
      "name": "CVE-2009-1564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1564"
    },
    {
      "name": "CVE-2010-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1141"
    },
    {
      "name": "CVE-2009-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1565"
    },
    {
      "name": "CVE-2010-1142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1142"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1140"
    },
    {
      "name": "CVE-2010-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1138"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007.1 du 12 avril    2010 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000091.html"
    }
  ],
  "reference": "CERTA-2010-AVI-165",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware permettent\n\u00e0 un utilisateur distant malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027\u00e9lever\nses privil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007.1 du 12 avril 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

Description

exécution de code arbitraire à distance dans le contexte de l'utilisateur connecté ;
exécution de code arbitraire ;
déni de service local ;
atteinte à la confidentialité des données par utilisation de la pile réseau virtuelle ;
élévation de privilèges sur des systèmes Windows.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	N/A	VMware VIX API ;
VMware	Fusion	VMware Fusion 3.x et 2.x ;
VMware	N/A	VMware ACE 2.x ;
VMware	ESXi	VMware ESX et ESXi ;
VMware	N/A	VMware Workstation 7.x et 6.x ;
VMware	N/A	VMware Player 3.x et 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0007 du 09 avril 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion 3.x et 2.x ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ACE 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX et ESXi ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 7.x et 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 3.x et 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectant les produits VMware ont \u00e9t\u00e9\npubli\u00e9es. Elles permettent \u00e0 un utilisateur malveillant d\u0027effcetuer\ndiverses atteintes \u00e0 la s\u00e9curit\u00e9 du syst\u00e8me vuln\u00e9rable :\n\n-   ex\u00e9cution de code arbitraire \u00e0 distance dans le contexte de\n    l\u0027utilisateur connect\u00e9 ;\n-   ex\u00e9cution de code arbitraire ;\n-   d\u00e9ni de service local ;\n-   atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es par utilisation de la pile\n    r\u00e9seau virtuelle ;\n-   \u00e9l\u00e9vation de privil\u00e8ges sur des syst\u00e8mes Windows.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3707"
    },
    {
      "name": "CVE-2009-1142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1142"
    },
    {
      "name": "CVE-2009-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1141"
    },
    {
      "name": "CVE-2010-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1139"
    },
    {
      "name": "CVE-2009-1564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1564"
    },
    {
      "name": "CVE-2009-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1565"
    },
    {
      "name": "CVE-2009-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3732"
    },
    {
      "name": "CVE-2009-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1140"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1138"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-162",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant les produits VMware ont \u00e9t\u00e9\npubli\u00e9es. Elles permettent \u00e0 un utilisateur malveillant d\u0027effcetuer\ndiverses atteintes \u00e0 la s\u00e9curit\u00e9 du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0007 du 09 avril 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    }
  ]
}

GHSA-47PM-RHM6-W3XC

Vulnerability from github – Published: 2022-05-02 03:47 – Updated: 2022-05-02 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-16T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-47pm-rhm6-w3xc",
  "modified": "2022-05-02T03:47:48Z",
  "published": "2022-05-02T03:47:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3707"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36988"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022997"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36630"
    },
    {
      "type": "WEB",
      "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
    },
    {
      "type": "WEB",
      "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-3707

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3707

Aliases

CVE-2009-3707

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3707",
    "description": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2009-3707"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3707"
      ],
      "details": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2009-3707",
      "modified": "2023-12-13T01:19:49.515079Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3707",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201209-25",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "39206",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39206"
          },
          {
            "name": "36630",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36630"
          },
          {
            "name": "1022997",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022997"
          },
          {
            "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
          },
          {
            "name": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html",
            "refsource": "MISC",
            "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
          },
          {
            "name": "36988",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36988"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
          },
          {
            "name": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php",
            "refsource": "MISC",
            "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
          },
          {
            "name": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt",
            "refsource": "MISC",
            "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
          },
          {
            "name": "39215",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39215"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3707"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
            },
            {
              "name": "1022997",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022997"
            },
            {
              "name": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
            },
            {
              "name": "36988",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36988"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
            },
            {
              "name": "39206",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39206"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
            },
            {
              "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
            },
            {
              "name": "39215",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39215"
            },
            {
              "name": "36630",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36630"
            },
            {
              "name": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
            },
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-05-15T03:01Z",
      "publishedDate": "2009-10-16T16:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3707 (GCVE-0-2009-3707)

FKIE_CVE-2009-3707

CERTA-2010-AVI-165

Solution

CERTA-2010-AVI-162

Description

Solution

CERTA-2010-AVI-165

Solution

CERTA-2010-AVI-162

Description

Solution

GHSA-47PM-RHM6-W3XC

GSD-2009-3707

Tags

Sightings

Nomenclature