PT-2005-5142 · Vmware · Ace+3
Tim Shelton
·
Published
2005-12-21
·
Updated
2018-10-30
·
CVE-2005-4459
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMWare Workstation version 5.5
GSX Server version 3.2
ACE version 1.0.1
Player version 1.0
Description
A heap-based buffer overflow issue exists in the NAT networking components vmnat.exe and vmnet-natd. This allows remote authenticated attackers, including guests, to execute arbitrary code via crafted FTP commands, specifically EPRT and PORT commands.
Recommendations
For VMWare Workstation version 5.5, update to a version that includes the fix for this issue.
For GSX Server version 3.2, update to a version that includes the fix for this issue.
For ACE version 1.0.1, update to a version that includes the fix for this issue.
For Player version 1.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the NAT networking components vmnat.exe and vmnet-natd to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ace
Gsx Server
Player
Vmware Workstation