PT-2007-1555 · Emc+2 · Vmware Player+4
Published: 2007-09-21 · Updated: 2018-10-16 · CVE-2007-0062
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ISC dhcpd versions 3.0.x through 3.0.6
ISC dhcpd versions 3.1.x through 3.1.0
EMC VMware Workstation versions prior to 5.5.5 Build 56455
EMC VMware Workstation versions prior to 6.0.1 Build 55017
EMC VMware Player versions prior to 1.0.5 Build 56455
EMC VMware Player 2 versions prior to 2.0.1 Build 55017
EMC VMware ACE versions prior to 1.0.3 Build 54075
EMC VMware ACE 2 versions prior to 2.0.1 Build 55017
EMC VMware Server versions prior to 1.0.4 Build 56528
Description
The issue is caused by an integer overflow that can lead to a denial of service or the execution of arbitrary code via a malformed DHCP packet. This packet must have a large dhcp-max-message-size to trigger a stack-based buffer overflow. The vulnerability is particularly relevant to servers configured to send many DHCP options to clients.
Recommendations
For ISC dhcpd versions 3.0.x through 3.0.6, update to version 3.0.7 or later.
For ISC dhcpd versions 3.1.x through 3.1.0, update to version 3.1.1 or later.
For EMC VMware Workstation versions prior to 5.5.5 Build 56455, update to version 5.5.5 Build 56455 or later.
For EMC VMware Workstation versions prior to 6.0.1 Build 55017, update to version 6.0.1 Build 55017 or later.
For EMC VMware Player versions prior to 1.0.5 Build 56455, update to version 1.0.5 Build 56455 or later.
For EMC VMware Player 2 versions prior to 2.0.1 Build 55017, update to version 2.0.1 Build 55017 or later.
For EMC VMware ACE versions prior to 1.0.3 Build 54075, update to version 1.0.3 Build 54075 or later.
For EMC VMware ACE 2 versions prior to 2.0.1 Build 55017, update to version 2.0.1 Build 55017 or later.
For EMC VMware Server versions prior to 1.0.4 Build 56528, update to version 1.0.4 Build 56528 or later.
Fix
DoS
Buffer Overflow
Related Identifiers
Affected Products
Vmware Ace
Vmware Player
Vmware Server
Vmware Workstation
Dhcpd