VMware Workstation DHCP Server Multiple Remote Code Execution Vulnerabilities
BID:25729
Info
| Bugtraq ID: | 25729 |
| Class: | Design Error |
| CVE: | CVE-2007-0061, CVE-2007-0062, CVE-2007-0063 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2007 12:00AM |
| Updated: | Dec 05 2009 01:04AM |
| Credit: | Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force are credited with the discovery of this vulnerability. |
| Vulnerable: | VMWare Workstation 6.0, VMWare Workstation 5.5.4 build 44386, VMWare Workstation 5.5.4, VMWare Workstation 5.5.3 build 42958, VMWare Workstation 5.5.3 build 34685, VMWare Workstation 5.5.1 Build 19175, VMWare Workstation 5.5.1, VMWare Workstation 5.0 .0 build-13124, VMWare Workstation 4.5.2, VMWare Workstation 4.5.2, VMWare Workstation 4.0.2, VMWare Workstation 4.0.1, VMWare Workstation 4.0, VMWare Workstation 3.4, VMWare Workstation 5.5.4 Build 44386, VMWare Server 1.0.3, VMWare Player 2.0, VMWare Player 1.0.4, VMWare ACE 2.0, VMWare ACE 1.0.3, Ubuntu Ubuntu Linux 7.04 sparc, Ubuntu Ubuntu Linux 7.04 powerpc, Ubuntu Ubuntu Linux 7.04 i386, Ubuntu Ubuntu Linux 7.04 amd64, Ubuntu Ubuntu Linux 6.10 sparc, Ubuntu Ubuntu Linux 6.10 powerpc, Ubuntu Ubuntu Linux 6.10 i386, Ubuntu Ubuntu Linux 6.10 amd64, Ubuntu Ubuntu Linux 6.06 LTS sparc, Ubuntu Ubuntu Linux 6.06 LTS powerpc, Ubuntu Ubuntu Linux 6.06 LTS i386, Ubuntu Ubuntu Linux 6.06 LTS amd64, SuSE SUSE Linux Enterprise Server 9, SuSE SUSE Linux Enterprise Server 10, S.u.S.E. openSUSE 11.0, S.u.S.E. openSUSE 10.3, rPath rPath Linux 2, rPath rPath Linux 1, Mandriva Linux Mandrake 2008.1 x86_64, Mandriva Linux Mandrake 2008.1, Mandriva Linux Mandrake 2008.0 x86_64, Mandriva Linux Mandrake 2008.0, MandrakeSoft Multi Network Firewall 2.0, MandrakeSoft Corporate Server 4.0 x86_64, MandrakeSoft Corporate Server 3.0 x86_64, MandrakeSoft Corporate Server 3.0, MandrakeSoft Corporate Server 4.0, Gentoo Linux |
| Not Vulnerable: | VMWare Workstation 6.0.1, VMWare Workstation 5.5.5, VMWare Server 1.0.4, VMWare Player 2.0.1, VMWare Player 1.0.5, VMWare ACE 2.0.1, VMWare ACE 1.0.4 |
Discussion
VMware Workstation's DHCP server is prone to multiple remote code-execution issues, including a stack-based integer-underflow issue, a stack-based buffer-overflow issue, and an unspecified vulnerability.
An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.
Versions prior to VMware Workstation 6.0.1 Build 55017 are vulnerable.
Exploit / POC
The following exploit code is available to members of the Immunity Partner's Program:
https://www.immunityinc.com/downloads/immpartners/vmware1.py
https://www.immunityinc.com/downloads/immpartners/vmware_dhcpd.tgz
Solution / Fix
Solution:
The vendor has released an advisory. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
- Mandriva dhcp-client-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-doc-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1mdv2008.1.x86_64.rpm: http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
- Mandriva dhcp-client-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-doc-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1mdv2008.1.i586.rpm: http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0 x86_64
- Mandriva dhcp-client-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-doc-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1mdv2008.0.x86_64.rpm: http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
- Mandriva dhcp-client-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-doc-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1mdv2008.0.i586.rpm: http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 4.0
- Mandriva dhcp-client-3.0.7-0.1.20060mlcs4.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1.20060mlcs4.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1.20060mlcs4.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1.20060mlcs4.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1.20060mlcs4.i586.rpm: http://www.mandriva.com/en/download/
MandrakeSoft Multi Network Firewall 2.0
- Mandriva dhcp-client-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 3.0 x86_64
- Mandriva dhcp-client-3.0.7-0.1.C30mdk.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1.C30mdk.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1.C30mdk.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1.C30mdk.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1.C30mdk.x86_64.rpm: http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 3.0
- Mandriva dhcp-client-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1.C30mdk.i586.rpm: http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 4.0 x86_64
- Mandriva dhcp-client-3.0.7-0.1.20060mlcs4.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-common-3.0.7-0.1.20060mlcs4.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-devel-3.0.7-0.1.20060mlcs4.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-relay-3.0.7-0.1.20060mlcs4.x86_64.rpm: http://www.mandriva.com/en/download/
- Mandriva dhcp-server-3.0.7-0.1.20060mlcs4.x86_64.rpm: http://www.mandriva.com/en/download/
References
References:
- Notes on VMware Workstation 6.0.1, Build 55017 (VMware)
- VMware Homepage (VMware)