Published: 2006-07-12 20:05:00
Revised: 2008-09-05 17:07:26

[Original] ** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed.

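[CNNVD] EMC VMware Player ide1:0.fileName Parameter Long Value Denial-of-Service Attack (CNNVD-200607-202)

** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. Note: third parties have disputed this issue, stating that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed.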

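- CVSS (Base Score)

CVSS score: 2.6 [Low (LOW)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: HIGH [specific access conditions exist for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]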

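- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources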
(UNKNOWN)  BUGTRAQ  20060620 Re: Vm ware 0day dos exploit by n00b.
(UNKNOWN)  BUGTRAQ  20060618 Vm ware 0day dos exploit by n00b.
(UNKNOWN)  BUGTRAQ  20060620 Re: Vm ware 0day dos exploit by n00b.

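- Vulnerability Information

EMC VMware Player ide1:0.fileName Parameter Long Value Denial-of-Service Attack
Low risk Unknown
2006-07-12 00:00:00 2006-09-23 00:00:00
** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. Note: third parties have disputed this issue, stating that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed.

- Advisories and Patches


- Vulnerability Information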

VMware Player .vmx ide1:0.fileName Parameter Overflow DoS
Local Access Required Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability Description

EMC VMware Player contains a flaw that may allow a local denial of service. The issue is triggered when a user loads a .vmx file containing an ide1:0.fileName parameter with an overly long value, and will result in loss of availability for the VMware instance. However, for an attacker to gain access and edit the .vmx file, it would require a level of access that would allow a wide variety of attacks. This level of access is considered to be trusted and not readily available to someone looking to launch this type of attack.

- Timeline

2006-06-18 Unknown
Unknown Unknown

- Solution

The vulnerability reported is incorrect. No solution required.

- Related References

- Vulnerability Author