Critical

CVE-2005-4459 - Buffer Errors vulnerability in Vmware ACE/GSX Server/Player/Workstation

Publication: 2005-12-21
Summary

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Vmware Player 1.0
  • Vmware ACE 1.0
  • Vmware GSX Server 2.0.1_build_2129
  • Vmware Workstation 5.0.0_build_13124
  • Vmware GSX Server 2.5.1_build_5336
  • Vmware Workstation 4.5.2_build_8848
  • Vmware GSX Server 3.0_build_7592
  • Vmware GSX Server 2.0
  • Vmware GSX Server 2.5.1
  • Vmware GSX Server 2.5.2
  • Vmware GSX Server 3.0
  • Vmware GSX Server 3.1
  • Vmware GSX Server 3.2
  • Vmware Workstation 3.2.1
  • Vmware Workstation 3.4
  • Vmware Workstation 4.0
  • Vmware Workstation 4.0.1
  • Vmware Workstation 4.0.2
  • Vmware Workstation 4.5.2
  • Vmware Workstation 5.5