APP: VMware Authorization Service User Credential Parsing Denial of Service
A denial of service vulnerability has been reported in the authorization service of some VMware products. The flaw is due to a design error when processing login requests. An attacker can exploit this vulnerability by supplying malicious USER or PASS strings to the target host. Successful exploitation would result on the termination of the "vmware-authd" process causing a denial of service condition.
Extended Description
VMware Player and Workstation are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate validation checks on user-supplied input. An attacker can exploit this issue to crash the 'vmware-authd' process, denying service to legitimate users. NOTE: This issue was also covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities); this BID is being retained to properly document the issue.
Affected Products
Vmware ace
References
BugTraq: 36630
Short Name
APP:VMAUTH-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Authorization Credential Denial Parsing Service User VMware bid:36630 of
Release Date
07/18/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/912
False Positive
Unknown
Vendors
Vmware