CVE-2009-4811
VMware ACE 2.6-2.6.1 and 2.5.x-2.5.4 - Denial of Service via Format String in Authentication Daemon
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
References (8)
http://security.gentoo.org/glsa/glsa-201209-25.xml [Third Party Advisory; vendor-advisory, x_refsource_gentoo]
http://www.securityfocus.com/bid/36630 [Exploit; vdb-entry, x_refsource_bid]
http://www.vmware.com/security/advisories/VMSA-2010-0007.html [Patch, Vendor Advisory; x_refsource_misc]
http://lists.vmware.com/pipermail/security-announce/2010/000090.html [Patch, Vendor Advisory; mailing-list, x_refsource_mlist]
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html [Third Party Advisory; mailing-list, x_refsource_bugtraq]
http://freetexthost.com/qr1tffkzpu [Exploit, URL Repurposed; x_refsource_misc]
http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html [Exploit; x_refsource_misc]
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html [Third Party Advisory; mailing-list, x_refsource_fulldisc]
Scores
EPSS: 0.0276
EPSS Percentile: 84.3%
Details
CWE: CWE-134
Status: published
Products (24)
vmware/ace 2.5.0
vmware/ace 2.5.1
vmware/ace 2.5.2
vmware/ace 2.5.3
vmware/ace 2.5.4
vmware/ace 2.6
vmware/ace 2.6.1
vmware/player 2.5
vmware/player 2.5.1
vmware/player 2.5.2
... and 14 more
Published: Apr 27, 2010
Tracked Since: Feb 18, 2026