Vigil@nce: VMware Player, Workstation, denial of service of vmware-authd
October 2009 by Vigil@nce
An attacker can send a malicious authentication query to the
vmware-authd service of VMware Player or VMware Workstation in
order to stop it.
– Severity: 2/4
– Consequences: administrator access/rights, denial of service of
service
– Provenance: intranet client
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/10/2009
IMPACTED PRODUCTS
– VMware ACE
– VMware Player
– VMware Workstation
DESCRIPTION OF THE VULNERABILITY
The vmware-authd.exe authentication service of VMware Player or
VMware Workstation listens on port 912/tcp.
This service expects data like:
  USER user_name
  PASS password
The user name and the password are logged.
However, when the user name or the password contains the '%'
character, a format string attack occurs.
An unauthenticated attacker can therefore cause a denial of
service, and possibly execute code.
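The logging flaw described above, as an added example that is not VMware's code and not part of the original advisory: a hypothetical logger (log_write) is called once with the client-supplied field as the format string and once with a constant "%s" format. All function names and the sample input are assumptions; the input uses only "%%", which reads no argument, so the flawed path stays well-defined while still showing that the field is interpreted rather than logged as data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical printf-style logger; the buffer stands in for the service log. */
static int log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Flawed pattern: client-supplied text is used as the format string. */
int log_field_flawed(char *out, size_t n, const char *field)
{
    return log_write(out, n, field);
}

/* Hardened pattern: constant format, client text passed only as data. */
int log_field_safe(char *out, size_t n, const char *field)
{
    return log_write(out, n, "%s", field);
}

/* Argument of a "USER name" or "PASS secret" line, or NULL if malformed. */
const char *auth_argument(const char *line)
{
    if (strncmp(line, "USER ", 5) != 0 && strncmp(line, "PASS ", 5) != 0)
        return NULL;
    return line + 5;
}

/* 1 if the log holds exactly what the client sent, 0 if it was reinterpreted. */
int logged_verbatim(int (*logger)(char *, size_t, const char *), const char *line)
{
    char out[128];
    const char *arg = auth_argument(line);
    if (arg == NULL)
        return 0;
    logger(out, sizeof out, arg);
    return strcmp(out, arg) == 0;
}

int main(void)
{
    const char *line = "USER guest%%"; /* constructed sample input */
    printf("flawed: %d\n", logged_verbatim(log_field_flawed, line)); /* "guest%" is logged */
    printf("safe:   %d\n", logged_verbatim(log_field_safe, line));   /* "guest%%" is logged */
    return 0;
}
```

Any other conversion in the flawed path would read arguments that were never passed, which is undefined behaviour in C and is what turns a log call into a crash of the service.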
CHARACTERISTICS
– Identifiers: BID-36630, VIGILANCE-VUL-9079
– Url: http://vigilance.fr/vulnerability/VMware-Player-Workstation-denial-of-service-of-vmware-authd-9079