Vulnerabilities > CVE-2009-1805 - Denial Of Service vulnerability in VMware Products Descheduled Time Accounting Driver
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
Vulnerable Configurations
Nessus
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0007.NASL description a. VMware Descheduled Time Accounting driver vulnerability may cause a denial of service in Windows based virtual machines. The VMware Descheduled Time Accounting Service is an optional, experimental service that provides improved guest operating system accounting. This patch fixes a denial of service vulnerability that could be triggered in a virtual machine by an unprivileged, locally logged-on user in the virtual machine. Virtual machines are affected under the following conditions : - The virtual machine is running a Windows operating system. - The VMware Descheduled Time Accounting driver is installed in the virtual machine. Note that this is an optional (non- default) part of the VMware Tools installation. - The VMware Descheduled Time Accounting Service is not running in the virtual machine The VMware Descheduled Time Accounting Service is no longer provided in newer versions of VMware Tools, starting with the versions released in Fusion 2.0.2 and ESX 4.0. However, virtual machines migrated from vulnerable releases will still be vulnerable if the three conditions listed above are met, until their tools are upgraded. Steps needed to remediate this vulnerability : Guest systems on VMware Workstation, Player, ACE, Server, Fusion - Install the new version of Workstation, Player, ACE, Server, Fusion (see below for version information) - Upgrade tools in the virtual machine (virtual machine users will be prompted to upgrade). Guest systems on ESX 3.5, ESXi 3.5, ESX 3.0.2, ESX 3.0.3 - Install the relevant patches (see below for patch identifiers) - Manually upgrade tools in the virtual machine (virtual machine users will not be prompted to upgrade). Note the VI Client will not show the VMware tools is out of date in the summary tab. Please see http://tinyurl.com/27mpjo page 80 for details. Guests systems on ESX 4.0 and ESXi 4.0 that have been migrated from ESX 3.5, ESXi 3.5, and ESX 3.0.x - Install/upgrade the new tools in the virtual machine (virtual machine users will be prompted to upgrade). If the Descheduled Time Accounting driver was installed, the tools upgrade will result in an updated driver for Workstation, Player, ACE, Server, ESX 3.0.2, ESX 3.0.3, ESX 3.5, ESXi 3.5. For Fusion, ESX 4.0, and ESXi 4.0 the tools upgrade will result in the removal of the driver. VMware would like to thank Nikita Tarakanov for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1805 to this issue. b. Updated libpng package for the ESX 2.5.5 Service Console The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A flaw was discovered in the way libpng handled PNG images containing last seen 2020-06-01 modified 2020-06-02 plugin id 40392 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40392 title VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issues NASL family Misc. NASL id VMWARE_VMSA-2009-0007_REMOTE.NASL description The remote ESX / ESXi host is missing a security-related patch. It is, therefore, affected by an unspecified flaw in the Descheduled Time Accounting driver that allows a guest Windows user to cause a denial of service. Note that this issue can be exploited only if the feature is installed and the affected service is not running in the virtual machine. last seen 2020-06-01 modified 2020-06-02 plugin id 89113 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89113 title VMware ESX / ESXi Descheduled Time Accounting DoS (VMSA-2009-0007) (remote check) NASL family Windows NASL id VMWARE_MULTIPLE_VMSA_2009_0005.NASL description VMware products installed on the remote host are reportedly affected by multiple vulnerabilities : - A vulnerability in the guest virtual device driver could allow an attacker to use the guest operating system to crash the host operating system. (CVE-2008-3761) - A denial of service vulnerability affects an unspecified IOCTL contained in the last seen 2020-06-01 modified 2020-06-02 plugin id 36117 published 2009-04-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36117 title VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)
Oval
| accepted | 2009-11-09T04:00:36.120-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:6130 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2009-09-23T15:39:02.000-04:00 | ||||||||||||
| title | VMware Descheduled Time Accounting Driver Bug Lets Local Users on the Guest Operating System Deny Service | ||||||||||||
| version | 3 |
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 35141 CVE ID:CVE-2009-1805 CNCVE ID:CNCVE-20091805 VMware提供包含多个虚拟主机和服务器的解决方案。 VMware Descheduled Time Accounting driver存在一个未明的安全问题,本地攻击者可以利用漏洞对虚拟机进行拒绝服务攻击。 符合如下条件的虚拟机受此漏洞影响: -虚拟机运行在windows操作系统下。 -VMware Descheduled Time Accounting driver安装在虚拟机上。 -VMware Descheduled Time Accounting服务没有运行在虚拟机上。 目前没有详细漏洞细节提供。 VMWare Workstation 6.5.2 VMWare Workstation 6.5.1 VMWare Workstation 6.5 build 118166 VMWare Workstation 6.0.5 build 109488 VMWare Workstation 6.0.5 VMWare Workstation 6.0.4 build 93057 VMWare Workstation 6.0.4 VMWare Workstation 6.0.3 Build 80004 VMWare Workstation 6.0.3 VMWare Workstation 6.0.2 VMWare Workstation 6.0.1 VMWare Workstation 6.0 VMWare Workstation 6.0.0.45731 VMWare Player 2.5.2 VMWare Player 2.5.1 VMWare Player 2.5 build 118166 VMWare Player 2.0.5 build 109488 VMWare Player 2.0.5 VMWare Player 2.0.4 build 93057 VMWare Player 2.0.4 VMWare Player 2.0.3 Build 80004 VMWare Player 2.0.2 VMWare Player 2.0.1 VMWare Player 2.0 VMWare Fusion 2 VMWare ESXi Server 3.5 VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ESX Server 3.5 VMWare ACE 2.5.2 VMWare ACE 2.5.1 VMWare ACE 2.5 build 118166 VMWare ACE 2.0.5 build 109488 VMWare ACE 2.0.5 VMWare ACE 2.0.3 VMWare ACE 2.0.2 build 93057 VMWare ACE 2.0.2 VMWare ACE 2.0.1 VMWare ACE 2.0 可参考如下安全公告获得补丁信息: <a href="http://www.vmware.com/security/advisories/VMSA-2009-0007.html" target="_blank" rel=external nofollow>http://www.vmware.com/security/advisories/VMSA-2009-0007.html</a> |
| id | SSV:11498 |
| last seen | 2017-11-19 |
| modified | 2009-06-02 |
| published | 2009-06-02 |
| reporter | Root |
| title | VMware产品Descheduled Time Accounting Driver拒绝服务漏洞 |
References
- http://secunia.com/advisories/35269
- http://www.securityfocus.com/archive/1/503912/100/0/threaded
- http://www.securityfocus.com/bid/35141
- http://www.securitytracker.com/id?1022300
- http://www.vmware.com/security/advisories/VMSA-2009-0007.html
- http://www.vupen.com/english/advisories/2009/1452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130