CVE-2005-4459
CVSS10.0
Published: 2005-12-21 15:03:00
Last modified: 2011-10-17 00:00:00

[Original] Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.


[CNNVD] VMware NAT Networking Configuration Remote Heap Overflow Vulnerability (CNNVD-200512-496)

        VMWare is a "virtual PC" product that allows two or more Windows, DOS or Linux systems to run simultaneously on a single machine.
        Because Vmnat does not correctly handle specially crafted EPRT and PORT FTP requests, a security vulnerability exists in vmnat.exe on Windows hosts and in vmnet-natd on Linux hosts. A malicious user on a system with NAT networking configured can execute arbitrary code on the target machine.
        

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure; all system files exposed]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit]

- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

cpe:/a:vmware:workstation:3.4  VMWare Workstation 3.4
cpe:/a:vmware:workstation:4.0.1  VMWare Workstation 4.0.1
cpe:/a:vmware:gsx_server:2.0  VMWare GSX Server 2.0
cpe:/a:vmware:player:1.0
cpe:/a:vmware:workstation:5.0.0_build_13124  VMWare Workstation 5.0.0 build 13124
cpe:/a:vmware:workstation:5.5  VMWare Workstation 5.5
cpe:/a:vmware:gsx_server:2.0.1_build_2129  VMWare GSX Server 2.0.1 build 2129
cpe:/a:vmware:workstation:4.0.2  VMWare Workstation 4.0.2
cpe:/a:vmware:gsx_server:3.1  VMWare GSX Server 3.1
cpe:/a:vmware:ace:1.0  VMWare ACE 1.0
cpe:/a:vmware:gsx_server:2.5.1  VMWare GSX Server 2.5.1
cpe:/a:vmware:workstation:3.2.1:patch1  VMWare Workstation 3.2.1 patch1
cpe:/a:vmware:gsx_server:2.5.2  VMWare GSX Server 2.5.2
cpe:/a:vmware:gsx_server:3.0_build_7592  VMWare GSX Server 3.0 build 7592
cpe:/a:vmware:gsx_server:2.5.1_build_5336  VMWare GSX Server 2.5.1 build 5336
cpe:/a:vmware:gsx_server:3.0  VMWare GSX Server 3.0
cpe:/a:vmware:workstation:4.0  VMWare Workstation 4.0
cpe:/a:vmware:gsx_server:3.2  VMWare GSX Server 3.2
cpe:/a:vmware:workstation:4.5.2_build_8848:r4
cpe:/a:vmware:workstation:4.5.2  VMWare Workstation 4.5.2

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4459
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-496
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/856689
(UNKNOWN)  CERT-VN  VU#856689
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
(PATCH)  CONFIRM  http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
http://www.securityfocus.com/bid/15998
(PATCH)  BID  15998
http://secunia.com/advisories/18162
(VENDOR_ADVISORY)  SECUNIA  18162
http://www.vupen.com/english/advisories/2005/3013
(VENDOR_ADVISORY)  VUPEN  ADV-2005-3013
http://www.securityfocus.com/archive/1/archive/1/420017/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051221 VMware vulnerability in NAT networking
http://www.securityfocus.com/archive/1/archive/1/419997/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others]
http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml
(UNKNOWN)  GENTOO  GLSA-200601-04
http://securitytracker.com/id?1015401
(UNKNOWN)  SECTRACK  1015401
http://securityreason.com/securityalert/289
(UNKNOWN)  SREASON  289
http://securityreason.com/securityalert/282
(UNKNOWN)  SREASON  282
http://secunia.com/advisories/18344
(VENDOR_ADVISORY)  SECUNIA  18344
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html
(UNKNOWN)  FULLDISC  20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 G SX Server Variants And Others

- Vulnerability Information

VMware NAT Networking Configuration Remote Heap Overflow Vulnerability
Critical  Buffer overflow
2005-12-21 00:00:00  2006-09-23 00:00:00
Remote
        VMWare is a "virtual PC" product that allows two or more Windows, DOS or Linux systems to run simultaneously on a single machine.
        Because Vmnat does not correctly handle specially crafted EPRT and PORT FTP requests, a security vulnerability exists in vmnat.exe on Windows hosts and in vmnet-natd on Linux hosts. A malicious user on a system with NAT networking configured can execute arbitrary code on the target machine.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch can be obtained at:
        http://www.vmware.com/download

- Vulnerability Information

22006
VMware vmnat.exe/vmnet-natd Multiple FTP Command Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-12-20  2005-11-25
Unknown  Unknown

- Solution

Upgrade to version 1.0.1 Build 19317 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

VMWare Remote Arbitrary Code Execution Vulnerability
Boundary Condition Error 15998
Yes No
2005-12-21 12:00:00 2006-01-10 11:31:00
Discovered by Tim Shelton.

- Affected Software Versions

VMWare Workstation 5.0.0 build-13124
VMWare Workstation 4.5.2
VMWare Workstation 4.0.2
VMWare Workstation 4.0.1
VMWare Workstation 4.0
VMWare Workstation 3.4
VMWare Workstation 3.2.1 patch 1
VMWare Player
VMWare GSX Server 3.1
VMWare GSX Server 3.0 build 7592
VMWare GSX Server 3.0
VMWare GSX Server 2.5.2
VMWare GSX Server 2.5.1 build 5336
VMWare GSX Server 2.5.1
VMWare GSX Server 2.0.1 build 2129
VMWare GSX Server 2.0
VMWare ACE 1.0
Gentoo Linux
VMWare Workstation 5.5.1 Build 19175
VMWare Player 1.0.1 Build 19317
VMWare GSX Server 3.2.1 Build 19281
VMWare ACE 1.0.2 Build 19206

- Unaffected Software Versions

VMWare Workstation 5.5.1 Build 19175
VMWare Player 1.0.1 Build 19317
VMWare GSX Server 3.2.1 Build 19281
VMWare ACE 1.0.2 Build 19206

- Vulnerability Discussion

Multiple VMWare products are affected by a remote arbitrary code execution vulnerability.

Successful exploitation can allow an attacker to execute arbitrary code on the vulnerable computer hosting VMWare. This may result in a complete compromise.

This issue affects VMWare Workstation, VMWare GSX Server, VMWare ACE, and VMWare Player.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

The vendor has released upgrades to address this issue. Users should contact the vendor to obtain upgrades.

Gentoo Linux has released security advisory GLSA 200601-04 addressing this issue. Gentoo recommends all VMware Workstation users should upgrade to a fixed version:

# emerge --sync
# emerge --ask --oneshot --verbose app-emulation/vmware-workstation

- References
