Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4459

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-4459
Last Modified 17 Oct 2011 12:00:00
Published 21 Dec 2005 03:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4459

Summary

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Vulnerable Systems

Application

  • Vmware Ace 1.0

  • Vmware Gsx Server 2.0

  • Vmware Gsx Server 2.0.1 Build 2129

  • Vmware Gsx Server 2.5.1

  • Vmware Gsx Server 2.5.1 Build 5336

  • Vmware Gsx Server 2.5.2

  • Vmware Gsx Server 3.0

  • Vmware Gsx Server 3.0 Build 7592

  • Vmware Gsx Server 3.1

  • Vmware Gsx Server 3.2

  • Vmware Player 1.0

  • Vmware Workstation 3.2.1

  • Vmware Workstation 3.4

  • Vmware Workstation 4.0

  • Vmware Workstation 4.0.1

  • Vmware Workstation 4.0.2

  • Vmware Workstation 4.5.2

  • Vmware Workstation 4.5.2 Build 8848

  • Vmware Workstation 5.0.0 Build 13124

  • Vmware Workstation 5.5


References

CERT-VN - VU#856689

CONFIRM - http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000

BID - 15998

SECUNIA - 18162

VUPEN - ADV-2005-3013

BUGTRAQ - 20051221 VMware vulnerability in NAT networking

BUGTRAQ - 20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others]

GENTOO - GLSA-200601-04

SECTRACK - 1015401

SREASON - 289

SREASON - 282

SECUNIA - 18344

FULLDISC - 20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others


Last Updated: 27 May 2016 10:41:18