VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
Written by Neel Mehta and Ryan Smith   
Friday, 13 March 2009 23:55


-\\Bugtraq ID:
25729

-\\Class:
Design Error

-\\CVE:
CVE-2007-0061
CVE-2007-0062
CVE-2007-0063


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Sep 17 2007 12:00AM

-\\Updated:
Mar 13 2009 03:46PM

-\\Credit:
Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force are credited with the discovery of this vulnerability.



-\\Vulnerable:
VMWare Workstation 6.0
VMWare Workstation 5.5.4 build 44386
VMWare Workstation 5.5.4
VMWare Workstation 5.5.3 build 42958
VMWare Workstation 5.5.3 build 34685
VMWare Workstation 4.5.2
VMWare VMWare Workstation 5.5.1 Build 19175
VMWare VMWare Workstation 5.5.1
VMWare VMWare Workstation 5.0 .0 build-13124
VMWare VMWare Workstation 4.5.2
VMWare VMWare Workstation 4.0.2
VMWare VMWare Workstation 4.0.1
VMWare VMWare Workstation 4.0
VMWare VMWare Workstation 3.4
VMWare VMWare Workstation 5.5.4 Build 44386
VMWare Server 1.0.3
VMWare Player 2.0
VMWare Player 1.0.4
VMWare ACE 2.0
VMWare ACE 1.0.3
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
S.u.S.E. SUSE Linux Enterprise Server 9
S.u.S.E. SUSE Linux Enterprise Server 10
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
rPath rPath Linux 2
rPath rPath Linux 1
Gentoo Linux



-\\Not Vulnerable:
VMWare Workstation 6.0.1
VMWare Workstation 5.5.5
VMWare Server 1.0.4
VMWare Player 2.0.1
VMWare Player 1.0.5
VMWare ACE 2.0.1
VMWare ACE 1.0.4



-\\Discussion
VMware Workstation's DHCP server is prone to multiple remote code-execution issues, including a stack-based integer-underflow issue, a stack-based buffer-overflow issue, and an unspecified vulnerability.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.

Versions prior to VMware Workstation 6.0.1 Build 55017 are vulnerable.



-\\Exploit(s)/PoC(s):
The following exploit code is available to members of the Immunity Partner's Program:

https://www.immunityinc.com/downloads/immpartners/vmware1.py
https://www.immunityinc.com/downloads/immpartners/vmware_dhcpd.tgz



-\\Solution
The vendor has released an advisory. Please see the references for more information.



-\\Reference(s)
--Notes on VMware Workstation 6.0.1, Build 55017
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htm  (VMware)
--VMware Homepage
http://www.vmware.co  (VMware)
 
