Vulnerabilities > CVE-2007-1337 - Denial Of Service vulnerability in VMware

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
vmware
nessus
NVD
Published: 2007-05-02
Updated: 2018-10-16

Summary

The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Vmware
20

Nessus

NASL familyWindows
NASL idVMWARE_WORKSTATION_5_5_4_44386.NASL
descriptionThe version of VMware Workstation installed on the remote host is earlier than 5.5.4, Build 44386. Such versions are reportedly affected by several issues, including a directory traversal issue in the application
last seen2020-06-01
modified2020-06-02
plugin id25119
published2007-05-01
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25119
titleVMware Workstation < 5.5.4 Build 44386 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25119);
  script_version("1.22");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2007-1069", "CVE-2007-1337", "CVE-2007-1744", "CVE-2007-1876", "CVE-2007-1877");
  script_bugtraq_id(23721, 23732);

  script_name(english:"VMware Workstation < 5.5.4 Build 44386 Multiple Vulnerabilities");
  script_summary(english:"Checks version of VMware Workstation"); 

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by
multiple issues." );
  script_set_attribute(attribute:"description", value:
"The version of VMware Workstation installed on the remote host is
earlier than 5.5.4, Build 44386.  Such versions are reportedly
affected by several issues, including a directory traversal issue in
the application's Shared Folders feature that may allow read or write
access from a guest to a host system, subject to the privileges of the
user running VMware Workstation." );
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a807d0af" );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Apr/487" );
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Workstation 5.5.4, Build 44386 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 
  script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/01");
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/27");
  script_set_attribute(attribute:"patch_publication_date", value: "2008/11/06");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_workstation_detect.nasl");
  script_require_keys("VMware/Workstation/Version");
  script_require_ports(139, 445);

  exit(0);
}

version = get_kb_item("VMware/Workstation/Version");
if (!version)
  exit (0);

v = split(version, sep:".", keep:FALSE);

 if ( ( int(v[0]) < 5 ) ||
     ( int(v[0]) == 5 && int(v[1]) < 5 ) ||
     ( int(v[0]) == 5 && int(v[1]) == 5 && int(v[2]) < 4 ) ||
     ( int(v[0]) == 5 && int(v[1]) == 5 && int(v[2]) == 4 && int(v[3]) < 44386 ) )
     {
   	security_hole(get_kb_item("SMB/transport"));
	exit(0);
     }

References